Update, November 30, 2018 (05:33AM ET): It looks like Cheetah Mobile is coming out swinging after analytics firm Kochava accused the studio of ad fraud.
The analytics company asserted that Cheetah Mobile was falsely claiming credit for new app installs on a user’s device in order to claim a bounty or fee. Now, the Chinese company has condemned Kochava’s “misleading statements” in a press release, adding that it plans to take legal action against the firm.
Cheetah Mobile has criticized Kochava for “fundamental” mistakes in its testing methods, which saw it carry out several tests in a simulated environment, then sending the video to the developer. For one, it says the analytics firm launched a Cheetah Mobile app while a “large number” of unrelated apps and SDKs (such as Appcoach and Webeye) were already open.
According to the test, these programs (namely Appcoach and Webeye) reported the installation of new apps to the analytics firm, but Cheetah Mobile says these tools aren’t installed in its apps and have nothing to do with them. Furthermore, the Chinese studio claims that the attribution reports at the heart of the matter are generated even if its apps are uninstalled.
Cheetah also claimed that Kochava and the media “intentionally exaggerated” the relationship between one of the accused apps (Kika) and Cheetah. The Chinese studio confirmed that it is an investor in Kika’s developer but asserted that it has a stake of less than five percent and no board seats. It also claimed to have investments in over 80 companies.
Cheetah Mobile has however admitted that it is cooperating with a third party security firm (Threat Hunter) and “proactively” removed two advertising SDKs (Batmobi and Duapps).
Update, November 28, 2018 (6:25PM ET): Cheetah Mobile issued a statement in response to yesterday’s report.
In the statement, Cheetah Mobile said the company “has no control over these third party advertising platforms.” According to Cheetah Mobile, 97 percent of revenue from the company’s apps are from dozens of third-party advertising platforms through SDKs. The remaining three percent are from an SDK that Cheetah Mobile developed.
Cheetah Mobile also said that it “has neither the intention or ability to direct such advertising platforms to engage in the alleged ‘click injections'” and that it “has no intention to engage in any alleged ‘click injection’ activities.”
In related news, Rosen Law Firm opened an investigation on behalf of shareholders that will look into Cheetah Mobile’s actions and what impact they had on stock prices. Depending on the results of the investigation, we might see a class-action lawsuit launched against Cheetah Mobile.
Update, November 28, 2018 (3:52AM ET): It looks like Google may have taken action of sorts in the wake of ad fraud allegations against Cheetah Mobile. But if you’re hoping for any real punishment, well, it’s not that kind of action.
Redditor LocalFigurez noticed that Google pulled a blog post discussing Cheetah Mobile’s success. The post, which highlights the studio’s in-app advertising, can still be accessed via the Wayback Machine.
The news comes after a Buzzfeed report, in conjunction with analytics firm Kochava, revealed allegations of ad fraud against the Chinese studio. It’s claimed that Cheetah apps would detect new app installs on a user’s device and then falsely claim the credit for driving the installation. You can read all about the allegations in the original article below.
Is this a precautionary move on Google’s part or a prelude to punitive measures against Cheetah Mobile? We’ve contacted the Mountain View company for comment and will update the story if we receive an answer.
Original article, November 27, 2018 (2:10AM ET): Prominent Chinese app developer Cheetah Mobile is no stranger to controversy, but the company’s apps have now been implicated in a huge ad fraud scheme.
App analytics company Kochava (h/t: Buzzfeed) found that eight apps in the Play Store, seven of which were Cheetah Mobile creations, were tracking new app installs on users’ devices. It’s alleged that they would then falsely claim credit for driving the installation of these new apps in order to claim a fee or bounty. This fee usually ranges from 50c all the way to $3 for partners who legitimately drive installations via in-app advertising or prompts.
The seven Cheetah apps are Clean Master, CM File Manager, CM Launcher 3D, Security Master, Battery Doctor, CM Locker, and Cheetah Keyboard. Buzzfeed and Kochava noted that the developer of the eighth app (dubbed Kika Keyboard) received an investment from Cheetah in 2016.
It would make for an extremely unethical move if true, because the offending apps obviously had nothing to do with driving app installs in the first place. It’s also questionable because the suspect apps would be misleading users about why they require permissions in the first place. It therefore makes you wonder what else the company is tracking or collecting for the sake of nefarious activities.
What’s the excuse for ad fraud?
Kika responded to the allegations, claiming these practices took place without their knowledge. However, further third-party analysis revealed that the company’s proprietary software was used, along with functions in the app itself. This makes it highly unlikely that someone else managed to maliciously tweak the app.
Meanwhile, Cheetah Mobile initially suggested that third-party SDKs were to blame for the dodgy activity. But when the outlet told the company that the SDK in question was owned and developed by Cheetah Mobile, the company denied that its SDKs were involved in ad fraud.
Praneet Sharma of ad fraud investigative company Method Media Intelligence told Buzzfeed that the accused apps were “wildly over-permissioned.” The Clean Master app, for example, asks for permission to record audio, take photos/video clips, read/modify your calendar (including confidential events), view your app and web browser history, and read your contacts. And those aren’t the only permissions it requires.
Sharma then called on Google to block apps with many permissions from being allowed into the Play Store. It sounds like a step in the right direction, forcing developers to pick and choose their permissions. But it might have the unintended consequence of blocking legitimate apps like launchers and Tasker.
What are the warning signs you keep in mind before downloading an app? Let us know in the comments!