Researchers have discovered two Google Play apps with more than 1.5 million downloads engaging in a new form of click fraud that drained batteries, slowed performance, and increased mobile data usage of infected phones.
The apps—a notepad app called Idea Note: OCR Text Scanner, GTD, Color Notes and a fitness app with the title Beauty Fitness: daily workout, best HIIT coach—carried out the stealthy form of fraud for almost a year until it was discovered by researchers at security firm Symantec. Google removed them from Play after receiving a private report.
The newly discovered tactic positioned advertisements in places that weren’t visible to end users—specifically in messages displayed in the nether regions of infected phones' notification drawer. When a user clicked on the notification, Android’s Toast class opened the ad, but in a way that wasn’t visible to the user. The technique worked by opening a Canvas and using the translate() and dispatchDraw() methods to position the ads beyond the viewable screen area of the infected device. The result: the app could report a revenue-generating ad click even though users saw nothing.
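A static triage heuristic for the three traits described above (a Toast, an overridden dispatchDraw(), and a translate() offset past the screen edge), written as an added example that is not from the article or from Symantec's research. The screen size, the function names and both sample classes are assumptions constructed for illustration, and the check only sees offsets written as numeric literals in decompiled source.

```python
import re

# Assumed viewable area in pixels (constructed threshold, not from the article).
SCREEN_W, SCREEN_H = 1080, 1920

# canvas.translate(dx, dy) with literal numeric arguments, e.g. translate(-5000.0f, 0.0f)
TRANSLATE = re.compile(
    r"\.translate\(\s*(-?\d+(?:\.\d+)?)[fF]?\s*,\s*(-?\d+(?:\.\d+)?)[fF]?\s*\)")
DISPATCH = re.compile(r"\bvoid\s+dispatchDraw\s*\(\s*Canvas\b")
TOAST = re.compile(r"\bToast\b")

def offscreen_translates(source):
    """Return literal (dx, dy) offsets at least one full screen dimension in size."""
    hits = []
    for m in TRANSLATE.finditer(source):
        dx, dy = float(m.group(1)), float(m.group(2))
        if abs(dx) >= SCREEN_W or abs(dy) >= SCREEN_H:
            hits.append((dx, dy))
    return hits

def triage(source):
    """Check one decompiled class for all three traits; flag it only if all match."""
    signals = {
        "overrides_dispatchDraw": bool(DISPATCH.search(source)),
        "offscreen_translate": offscreen_translates(source),
        "uses_toast": bool(TOAST.search(source)),
    }
    signals["suspicious"] = all(signals.values())
    return signals

# Constructed sample: view content is shifted far outside the viewable area.
SUSPECT = """
class AdHolder extends FrameLayout {
    Toast host;
    protected void dispatchDraw(Canvas canvas) {
        canvas.translate(-5000.0f, -5000.0f);
        super.dispatchDraw(canvas);
    }
}
"""

# Constructed sample: same APIs, but the offset keeps the content on screen.
BENIGN = """
class Banner extends FrameLayout {
    Toast hint;
    protected void dispatchDraw(Canvas canvas) {
        canvas.translate(0.0f, 12.0f);
        super.dispatchDraw(canvas);
    }
}
"""

if __name__ == "__main__":
    for name, src in (("SUSPECT", SUSPECT), ("BENIGN", BENIGN)):
        print(name, triage(src))
```

A hit is a reason to inspect the class by hand, since offsets computed at run time will not match this pattern.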