Google responds to large ad fraud operation that utilized more than 125 Android apps

In a report Tuesday, Buzzfeed News concluded an investigation into a widespread ad fraud operation that involved more than 125 Android apps and websites.

What happened. Buzzfeed’s report says that a company called We Purchase Apps scooped up apps and companies from developers and connected them into a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and other locations. Many of the affected apps are targeted to kids or teens. A source involved in the scheme reportedly estimated it has “stolen hundreds of millions of dollars” from brands whose ads were shown to bots instead of actual humans.

What it means. Millions of people have downloaded the affected Android apps. BuzzFeed concluded that a significant portion of users were secretly tracked as they engaged with the apps so the fraudsters could model user behavior. “By copying actual user behavior in the apps, the fraudsters were able to generate fake traffic that bypassed major fraud detection systems,” the report stated.

How it works. In its response to the BuzzFeed report, Google explained how the botnet — dubbed TechSnab — works to inflate ad revenue by creating botnets to visit web pages.

“These botnets drove traffic to a ring of websites created specifically for this operation, and monetized with Google and many third-party ad exchanges,” Google said.

Google reacts. The company estimated that the dollar value of impacted Google advertisers spend was under $10 million and that the “majority of impacted advertiser spend was from invalid traffic on inventory from non-Google, third-party ad networks.”

Google said it removed all apps involved in the scheme this week and has “blacklisted additional apps and websites that are outside of our ad network, to ensure that advertisers using Display & Video 360 (formerly known as DoubleClick Bid Manager) do not buy any of this traffic. We are continuing to monitor this operation and will continue to take action if we find any additional invalid traffic.”

Why you should care. Ad fraud hits marketers directly in the wallet. BuzzFeed reports that the potential for stolen ad revenue related to this scheme could be as high as $750 million. One app connected to the scheme has been installed more than 20 million times.

Amin Bandeali, CTO of Pixalate, which first broke the news in June, told BuzzFeed that app stores aren’t doing enough.

“App stores, perhaps unwittingly, are providing a gateway to connecting fraudsters with [advertising] inventory buyers and sellers,” he said. “While the stores present customer reviews, download numbers and other ‘quality’ metrics, they offer minimal services that vet the business practices, technology and relationships of the app companies.”