Though Google is trying its level best to keep the Play Store free of malicious apps with Play Protect, constantly scanning through close to 2.6 billion apps, there sure are some apps which can fly under its radar. However, it seems even Google was unaware of what Cheetah Mobile and its associate company Kika Tech were up to right under their noses – ad click fraud.

Cheetah Mobile, if you are unaware, is a renowned developer in the Android ecosystem with millions (or even billions) of downloads on some of its popular apps including Clean Master, CM Launcher 3D, Battery Doctor, and more. These are apps that are trusted not just by users but Android OEMs and even Google as well, who recommends them in the Play Store.

Ad Click Fraud Explained

However, things are not as rosy as they sound because app analytics firm Kochava, as reported by BuzzFeed, has exposed that around eight of the most popular apps from Cheetah Mobile and Kika Tech are exploiting its extensive set of Android permissions to run an ad-click fraud scheme, involving click flooding and click injection via its apps.

Such a practice takes the revenue away from legitimate publishers and moves them into the developer’s pocket while also troubling the users by inexplicably running background processes that can drain the user’s battery or mobile data. To better understand how ad scams work, take a quick look at the diagrams attached below:

I’m sure you would have seen ads for one app appearing in another app (maybe inside Xiaomi’s stock apps), well, because it’s a common practice among developers. They’re marketing their app using an even popular app, with a larger active user base, to drive installs – for which they pay a referral bonus to the developer who gets them the install. Sounds simple, right?

Well, this is where Cheetah Mobile tries to trick developers into thinking they are getting the installs through its CM branded apps (with millions of installs and active users), thus, getting a big referral bonus for each install even though they didn’t play any role in helping them gain users. This means Cheetah, and let’s not forget Kika Tech, are both involved in this activity and are minting revenue not just from Google, but also the app developers.

Apps Affected by Ad Scam

In its shocking report, Kochava has identified eight apps from Cheetah, as well as Kika Tech, to be running ad clicking frauds. Listed below are the fraudulent apps:

  • Clean Master
  • CM Launcher 3D
  • Security Master
  • Battery Doctor
  • Cheetah Keyboard
  • CM Locker
  • CM File Manager
  • Kika Keyboard

The aforementioned fraudulent apps have over 2 billion downloads in the Play Store and around 700 million active users, as per Kochava. So, you can make a guess as to how many app developers have been misled into doling out money to Cheetah Mobile and Kika for this deceptive practice.

Kochava reached out to both the companies and Kika Tech’s US general manager, Marc Richardson in a statement stated, “Kika Keyboard is a large, well-known app that helps its users communicate in many unique ways and we are extremely disappointed to learn about these flooding and injection practices. We appreciate you putting this to our attention.”

While the companies suggest they had knowledge of this practice, we recommend you take a closer look at the apps listed above and uninstall them from your device if you are actively using them. Especially if you don’t want them using your phone to make money for no real work.