Following a BuzzFeed News investigation, Google removed six apps from the Play store that belonged to a major Chinese developer.
A host of popular Android apps from a major Chinese developer, including a selfie app with more than 50 million downloads, have been committing large-scale ad fraud and abusing user permissions, a BuzzFeed News investigation of popular Android apps has found. In several cases, the apps took steps that concealed their connections to the developer, DO Global, to users and failed to clearly disclose they were collecting and sending data to China. The investigation also raises questions about Google's policing of apps in the Play store for fraud and data collection practices.
DO Global is a Chinese app developer that claims more than 800 million monthly active users on its platforms, and was spun off from Baidu, one of China’s largest tech companies, last year. At least six of DO Global’s apps, which together have more than 90 million downloads from the Google Play store, have been fraudulently clicking on ads to generate revenue, and at least two of them contain code that could be used to engage in a different form of ad fraud, according to findings from security and ad fraud researchers Check Point and Method Media Intelligence.
The DO Global apps were identified after BuzzFeed News gathered a list of close to 5,000 popular apps from the Google Play store, along with associated information, such as the developer’s name, number of installs, and requested permissions. Apps that asked for a suspiciously large number of user permissions, or permissions deemed potentially “dangerous” by Android, were provided to researchers at several data analysis and security firms. (For a more detailed description of the methodology, see the bottom of this article.)