Facebook has filed a lawsuit today against two Android app developers for infecting their users with malware that faked clicks on ads. Both the Hong Kong-based JediMobi and the Singapore-based LionMobi were a part of the social media giant’s Audience Network. The program lets Facebook’s advertisers host their ads on participating mobile apps, whose developers receive a payout if a user clicks through. In the case of JediMobi and LionMobi, Facebook alleges that many of ad clicks generated through their apps weren’t from an actual human.
The issue of cybercrooks exploiting major app stores and social media platforms in their click fraud schemes has been on the rise in frequency and sophistication over the past year. What makes this case unique is not only Facebook’s unprecedented lawsuit, but also the fraudsters’ creation of apps to carry out ad fraud. This campaign reflects bad actors’ thorough familiarity with the Facebook ad ecosystem, and points to the sheer difficulty of vetting apps that are sold on today’s major app stores. But while Facebook’s landmark lawsuit will no doubt set an important precedent for future legal maneuvers against ad fraudsters, app stores should have a more thorough process for validating that an app functions strictly as described by its developers.
This highlights that all apps require a level of due diligence before downloading onto your devices. It has been shown time and time again that app stores can be littered with rogue applications that are not exactly what they purport to be. Simply reading the reviews or a quick Google search can help mitigate such risks before installing it. Luckily, these apps did not want to infect the devices they were installed on with other forms of malware and the intention was purely to make money from the clicks. However, all apps must be downloaded with caution and should not always be trusted just because they feature on an app store.