You would expect the apps that you purchase from official marketplaces to be legitimate and non-malicious. But that's not always the case. A new study by a security research firm reveals that thousands of apps in top app stores are running a highly sophisticated and potentially harmful advertising fraud.
Forensiq, a company known for fraud detection services, reports
a new type of ad fraud called "mobile device hijacking." The firm notes that thousands of apps in the Google Play store, Apple's
App Store, and Microsoft's
Windows Phone Store are affected by it.
The infected apps look legitimate but they covertly serve hundreds of ads at a worrisome rate of as many as 20 ads per minute. A typical Android
app usually refreshes the ad after at least 30 seconds. The apps come with a hidden built-in browser that not only runs the ads, but also automatically clicks on them too.
The foul play doesn't end there, sadly. Forensiq says that these apps could continue to refresh ads in the background even after you've closed them down. Furthermore, some begin to run in the background and start requesting for ads as soon as you've switched on the device.
This scam has reportedly been running for years, and it is expected to have cost advertisers hundreds of millions of dollars. These apps make them believe that someone is clicking on those ads, but in reality, nobody is even seeing those advertisements.
As many as 12 million devices are affected with such apps, Forensiq estimates. As for its distribution, about 2 to 3 percent of all devices in Asia and Europe regions are affected by these apps.
The bombardment of so many ads in the background takes a toll on the battery of the device, and also shoots up the data usage. Forensiq says that the affected apps could eat up to 2GB of data every single day.
The firm hasn't revealed the name of the infected apps, but Bloomberg reports
that Waxing Eyebrows, Celebrity Baby, and Vampire Doctor have been suspended from the Google Play store.
While companies continue to improve their app screening methods, somehow the frequency of such mishaps has only increased in recent months. Earlier this week, we learned about a fraud app developed by the disgraced Hacking Team that managed
to find its way to Google Play.
So, what can be done? Forensiq advises users to be careful about the permissions an app asks for at the time of installation. It says that one should realise that something like a torch app needs not to look at our microSD card and connect to the Internet.