Eight Android apps with 2 billion+ downloads are committing ad click fraud

By last updated

Android Bugdroid statue
Android Bugdroid statue (Image credit: Android Central)

Google's made considerable efforts over the years to reduce the amount of junk that pops up on the Play Store, but even with all of that hard work, some garbage still seeps through the cracks. On November 26, BuzzFeed News published a report outlining how eight Android apps on the Play Store are being used to commit click fraud with advertisements.

App analytics firm Kochava provided the details to BuzzFeed News, reporting that seven apps from Cheetah Mobile and one from Kika Tech "have been exploiting user permissions as part of an ad fraud scheme that could have stolen millions of dollars."

This particular scheme exploits the fact that many app developers pay a fee, or bounty, that typically ranges from 50 cents to $3 to partners that help drive new installations of their apps. Kochava found that the Cheetah and Kika apps tracked when users downloaded new apps and used this data to inappropriately claim credit for having caused the download. The practice being executed by Cheetah and Kika is referred to as click flooding and click injection, and ensures these companies are rewarded an app-install bounty even when they played no role in an app's installation.

The offending apps and their respective downloads include the following:

  • Clean Master (1 billion downloads)
  • Security Master (540 million downloads)
  • CM Launcher 3D (225 million downloads)
  • Kika Keyboard (205 million downloads)
  • Battery Doctor (200 million downloads)
  • Cheetah Keyboard (105 million downloads)
  • CM Locker (105 million downloads)
  • CM File Manager (65 million downloads)

CM Locker and Battery Doctor were removed from the Google Play Store following BuzzFeed News's article, but all of the other ones are still available as per usual.

Kika and Cheetah Mobile have both tried to deny any wrongdoings on their part, with Kika claiming that malicious code was placed inside Kika Keyboard without its knowledge and Cheetah Mobile throwing the blame on third-party SDKs. However, Kochava isn't buying either of these excuses.

It's unclear at this time if Cheetah's other apps and Kika Keyboard will remain on the Play Store, but should anything change, we'll update this article accordingly.

Joe Maring
Joe Maring

Joe Maring was a Senior Editor for Android Central between 2017 and 2021. You can reach him on Twitter at @JoeMaring1.
11 Comments
  • There must be some benefit, to Google, in leaving these offending apps in their store.
  • Hardly surprising, considering Cheetah Mobile shamelessly uses fraudulent virus warning ads to get people to download Clean Master.
  • Google needs to do a better job spreading the word that no "maintenence" apps are needed.
  • Cheetah apps are always something I have avoided.
  • Doesn't Samsung use these in their own Smart Manager app? If so, how safe is that?
  • Not the same.
  • I work at a cell phone store, and any time a customer says their phone is getting hot or it's running slow or battery is dying fast...one of those "cleaner" apps is guaranteed to be on there. Or porn.
  • I work at the wireless section in a Walmart and many customers have brought phones with these apps and they will pop up ads full screen to the point you can barely use the phone for stuff constantly popping up and it can be hard to get out of because hitting back or home just makes another one pop up. There has to be something Google can do about this on Android. It causes some people to want to switch to iPhones because they don't do it.
  • This is true! In fact, it's one of the reasons that I use my iPhone regularly (as opposed to my S9 Plus). Some apps put pop-up ads on your phone and it's hard to find the offender sometimes and they are sneaky about it. Even looking at the reviews doesn't help. Looking @ you COCOPPA
  • I used Cheetah keyboard for a short while. I came to the conclusion that there was definitely something wrong. I thought it was only that the app was shamelessly data mining. Now this. Too bad though because it was a very good keyboard otherwise.
  • I'm hoping Jerry will write one of his comprehensive articles on the subject and give his opinion.