Advertising networks are highly lucrative and therefore have to deal with nefarious parties that use fraudulent traffic in order to earn ad revenue. BuzzFeed yesterday exposed a multimillion dollar scheme that involved the tracking and mimicking of Android users.

Shell companies worked to buy and maintain legitimate Android apps, including flashlight, selfie clients, and games, only to track those users. The goal was to capture usage patterns to replicate how actual humans use apps. This data in turn was fed to a botnet that mimicked legitimate behavior in order to trick ad networks into issuing revenue on fraudulent views and usage.

This means a significant portion of the millions of Android phone owners who downloaded these apps were secretly tracked as they scrolled and clicked inside the application. By copying actual user behavior in the apps, the fraudsters were able to generate fake traffic that bypassed major fraud detection systems.

BuzzFeed has a full list of the 129 websites and Android apps involved, with the latter group downloaded more than 115 million times.

Once acquired, the apps continue to be maintained in order to keep real users happy and create the appearance of a thriving audience that serves as a cover for the cloned fake traffic. The apps are also spread among multiple shell companies to distribute earnings and conceal the size of the operation.

For its part, Google investigated and collaborated the advanced scheme, removing over 30 apps from the Play Store, and taking similar steps on its Display & Video 360 network. It notes that before BuzzFeed, its detection system already encountered 10 of these apps, and blocked other involved websites.

While our internal systems had previously caught and blocked violating websites from our ad network, in the past week we also removed apps involved in the ad fraud scheme so they can no longer monetize with Google. Further, we have blacklisted additional apps and websites that are outside of our ad network, to ensure that advertisers using Display & Video 360 (formerly known as DoubleClick Bid Manager) do not buy any of this traffic.

Google estimates “that the dollar value of impacted Google advertiser spend across the apps and websites involved in the operation is under $10 million.”

The majority of impacted advertiser spend was from invalid traffic on inventory from non-Google, third-party ad networks.

Meanwhile, the broader scheme is reportedly valued in the hundreds of millions.

At the time, it estimated that the fraud being committed by a single mobile app could generate $75 million a year in stolen ad revenue. After publishing its findings, Pixalate received an email from an anonymous person connected to the scheme who said the amount that’s been stolen was closer to 10 times that amount.

Check out 9to5Google on YouTube for more news:

FTC: We use income earning auto affiliate links. More.

Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: