Secplicity – Security Simplified

Unseen Mobile Ad Shenanigans

Mobile ad fraud: it’s a real thing that hurts the whole mobile technology ecosystem – from end users to mobile operators and even advertisers.

Upstream, a mobile technology company, released its 2019 report, The Invisible Digital Threat. It was an alarming read, revealing just how severe a threat mobile ad fraud is across the globe. The fraud is carried out by malicious mobile apps that imitate user clicks and rake in money from advertisements and “click throughs.” Mobile ad fraud affects end users by consuming their available data without their knowledge or consent, and it also feeds false leads and data to advertisers. Oftentimes mobile providers are blamed for an end user’s data shortage. What’s worse, a large portion of the malicious apps were previously on Google Play Store, making the “only download apps from Google Play Store” advice less sound.

For mobile users here in the U.S., we may not have to worry as much about using too much data compared to other parts of the world. This doesn’t negate the issue, though; it’s still a real threat to real people and real businesses. I remember years back when cellphone plans only included 2-3 GB data packages, but nowadays data consumption isn’t really a big issue – at least not for me. Sure, there are outliers in this, just as in many facets of life, but bear with me.

Certain parts of the world charge a lot of money for cellular data. The report gives some contrasting examples: average workers in Germany need to work 30 minutes to afford 1GB of data, which is not terrible, but minimum-wage workers in Brazil need to work six hours to afford the same amount of data. Another example was minimum-wage workers in Africa needing to work 16 hours to afford 1GB of data. This information blew my mind and made me appreciate what I have that much more.

Imagine working for four hours (just a rough guess / estimation using the statistics about Germany and Brazil) to afford a single GB of data. How would you feel if there was network activity going on in the background effectively soaking up the very limited bandwidth you worked so hard for? I know I wouldn’t be happy in the slightest.

 

High-Level Worldwide Statistics

Over the whole of 2019, 98,000 malicious apps were identified, up from 63,000 in 2018. Out of the 100 most-malicious apps, 32 were available on Google Play!

Brazil had 23M infected devices, with the report claiming there were 43.3M uniquely identified devices that were infected in total. This means Brazil’s mobile users claim over 50% of the world’s infected devices, at least in terms of this report.

Another mind-boggling fact was that 99% of Egypt’s mobile transactions were fraudulent – 99%, think about that. In total, $42B was lost from online, mobile and in-app advertisements. This number is expected to increase to $100B by 2023. Secure-D was responsible for blocking $2.1B worth of fraudulent transactions.

To shed more light on the Google Play Store aspect, 49% of the apps were on 3rd party stores. Of the remaining 51%, 32% were still available on Google Play and only 19% were removed. The largest share of these malicious apps, 22.32%, were disguised as apps offering Tools/Personalize/Productivity services. Games made up 18.97% of the apps, followed by Entertainment/Lifestyle/Shopping apps at 15.76%, Communication/Social/News & Magazines with 9.72%, and Music & Audio/Video Players & Editors/Media & Video at 9.23%.

 

The Top Five Most Malicious Android Applications

The report covered the five most malicious apps.

First up was Ai.type’s emoji keyboard app. It was downloaded 40M times and had 14M blocked transactions amounting to $18M in prevented charges. You can find Secure-D Lab’s blog about this app at this link.

Snaptube is a free video and music downloader. It, too, was downloaded 40M times and had 70M blocked transactions, preventing over $91M in charges. Here is the link to their write-up about this. One thing to note: this application made use of the suspicious Mango SDK, which connects to external servers to commit ad fraud.

File sharing is popular, and so was 4shared, a file sharing app. It had 100M downloads and 114M blocked transactions, preventing $150M in charges – wow. This is the link to their write-up of 4shared.

Video streaming is pretty big as well and VidMate offered this feature, with downloads adding up to 500M users. 128M transactions were blocked, translating to $170M in blocked charges. Here is Secure-D Lab’s write-up. This app was also known to collect personal information, such as one’s IMEI number, IMSI, and IP addresses, and to use the suspicious Mango SDK.

Last but not least, it’s nice to have an app that shows the weather forecast – and just that, nothing else. This isn’t the case with Weather Forecast – World Weather Accurate Radar, which was pre-installed on Alcatel Android devices. With over 10M downloads and 27M blocked transactions, $1.5M of fraudulent transactions were prevented. Here’s the technical write-up.

 

Geographical Distribution, Top Five Most-Affected Countries

As mentioned earlier, Brazil had over 50% of the report’s total infected devices. In Brazil alone, there were almost 50,000 blocked apps with nearly 1B (986,478,119) transactions. A shocking 91% of these transactions were blocked. The main perpetrator was the 4shared file sharing app with nearly 167M blocked transactions.

Egypt distantly followed with nearly 3.3M infected devices. 4,663 apps were blocked along with 99% of the total 212,440,510 transactions. Snaptube claimed nearly 95M of the total transactions and VidMate was second with almost 72M.

Indonesia had almost 3.7M infected devices and just over 17,000 blocked apps. In total, there were almost 276M processed transactions, of which 98% were blocked. The top three malicious apps weren’t covered above but VidMate and Snaptube made up 4th and 5th place.

South Africa claimed nearly 1.7M infected devices and just over 18,000 blocked malicious apps. 86% of the 50,581,1005 transactions were blocked. The main perpetrator was VidMate with almost 15M transactions.

Ethiopia had 1,294,391 infected devices and 9,374 applications were blocked. 93% of the 36,392,390 transactions were blocked. VidMate, once again, claimed a large chunk of those transactions – just shy of 7.3M.

 

Further Observations

Despite Secure-D not being deployed in all parts of the world, it’s nice to see that the report speculates on the United States and the United Kingdom using “sensor campaigns to observe the fraud level in each market.” That said, 95% of the UK’s transactions were fraudulent. Further, three of the top five malicious apps (Snaptube, Ai.type, Weather & Forecast) were the main perpetrators. As for the US, 92% of transactions were fraudulent and none of the top five apps were previously discussed.

These are some alarming numbers. Personally, I haven’t installed an app onto my personal Android device outside of what Google Play offers. Further, I cannot think of a time when my monthly cell phone fee increased, so I am curious what this looks like on our end and the data used to generate such numbers. That seems awfully high in my opinion though.

 

Who Is Upstream and What Is Secure-D

Upstream is a mobile technology company providing users around the globe with affordable and secure access to digital services. Upstream is integrated with over 60 mobile operators across the world.

They offer a product known as Secure-D, which combines machine-learning algorithms with payment-processing workflows. This offers protection against fraudulent transactions and data depletion. App publishers, mobile operators, and subscribers alike all benefit from this service. In 2019, Secure-D handled over 1.7B mobile transactions across 20 countries, detecting and blocking 98,000 malicious apps.
