A SWATHE of sophisticated bots were able to bypass Google's checks to put a giant fraud operation at the heart of the Google Play Store.
An investigation by Buzzfeed News found a total of 125 apps which were bought by a company called We Purchase Apps or one of its employees, Tzachi Ezrati. The prices were generous and the payments in Bitcoin, whilst the contact details for the company - with a UK phone number and a US residential address - showed that things were not as they seem.
Once the developers sold their apps, they were updated to show that they were owned by various companies in Bulgaria, Cyprus and Russia.
Of course, as you've probably guessed by now, the deal appears not to be on the level and, in fact, the apps became part of an advertising fraud scheme where advertisers were forced to pay up for ad placements that were in fact only ever seen by bots.
So where do our zombie apps come in? Well, it seems the gang used the real human behaviour of these established apps to train a neural network to imitate them, thus avoiding detection by Google's systems.
The upshot is that anyone using one of the 125 apps was being tracked, recorded and in a small way cloned. This included a number of apps aimed at kids and teenagers.
In total, it is estimated that the apps have been downloaded a total of 115 million times, with one app alone clocking 20 million hits.
The apps are owned by multiple firms in multiple countries to disguse the size and scale of the scheme. When one fraud detection company, Pixalate, spotted part of the scheme and suggested it could be worth $75m per year in fraudulent ad-revenue, an anonymous message was received from someone close to the fraudsters suggesting that the real number is 10x that.
Google has already removed 40 apps, and blocked access to several websites, as well as closing down a number of developer accounts.
Official estimates suggest that in total $10m was snaffled before the scheme was brought down. Google's more relaxed attitude to the Play Store compared to Apple's App Store has caused criticism in the past and it looks like as this case blows up, Google will once again be forced to explain itself. μ
Take that parcel thieves. Actually no, don't
Litter Tray Bien
It's the U2 debacle all over again