Several applications from the Chinese developer DU Group have been removed from the Google Play Store after an investigation revealed that its apps violated several policies of the search giant.
Applications from the DU Group were found to abuse user permissions, and it also included code that allows apps to click on advertisements fraudulently. Moreover, the DU Group failed to disclose their ownership of the applications adequately, and it did not also properly inform users regarding its data collection practices.
After collecting information from its users even when people are not using the software, the apps then transmit the data to servers located in China, further raising concerns that these applications may pose a national security risk.
The online publication BuzzFeed News discovered these erring applications after it provided security and data analysis firms a list of apps that either request for a large number of user permissions or asks for potentially dangerous permissions.
After analysis by security firms, six applications developed by DU Group were found to click on advertisements fraudulently. Out of these six apps, security firms also found code in two more apps that allow the software to engage in another type of ad fraud.
These applications were already downloaded more than 90 million times before Google eventually removed the violating software from the Play Store. One app, called the Selfie Camera, had more than 50 million downloads, while four applications, namely Total Cleaner, Smart Cooler, RAM Master, and Omni Cleaner, had more than 10 million downloads each. Meanwhile, AIO Flashlight had more than 1 million downloads.
Aside from the applications from DU Group, other apps found to abuse user permissions include a TV remote application, a Chinese-language software for children, and a flashlight app. The Samsung TV Remote Control app, developed by Peel Technologies Inc., uses the microphone of the handset to record sounds, while the Chinese-language app for children sends unencrypted data to servers within China.
This incident is not the first time that apps developers were found to be involved with ad fraud. In 2017, security firm eZanga discovered around 300 apps in Google Play Store that click on advertisements fraudulently, just like the recently discovered apps from the DU Group. According to security researchers, these apps cost advertisers as much as $6.5 billion. Meanwhile, in November last year, security analysts discovered eight applications from another Chinese developer, Cheetah Mobile, that was also engaged in ad fraud.
Aside from stealing money from advertisers, these apps also negatively impact the performance and the battery life of the smartphone. These applications consume RAM and utilize the CPU as it continues to run on the background. Furthermore, fraudulent software may also use data while running on the background, which could be problematic for users still on carrier plans with monthly data allocations.
Meanwhile, the data collection practices of violating applications is a cause of concern for government officials and security analysts alike. Mark Warner, a US senator from Virginia, highlighted how app developers are beholden to laws created by the Chinese ruling party, which allows the Chinese government to request data from these companies.
At this point, ad fraud has been an issue over at the Google Play Store for several years already, and this recent discovery shows that the search giant has not fully resolved this concern.