How the ad fraudsters hid 2019 biggest mobile phone attacks

Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece Geoffrey Cleaves, Head of Secure-D at Upstream, looks at the apps responsible for the most Android-based fraud last year.

Globally, there are some 2.5 billion Android phones. They represent an opportunity for criminals and a clear and present danger to operators, advertisers, and consumers.

Android phones are vulnerable to invisible attacks from fraudsters that are totally screened from view. These attacks are happening in the background of a host of popular apps that hundreds of millions of people have already downloaded.

In the background, these rogue apps are constantly making fake clicks on adverts, or secretly signing their users up to subscription services. The advertisers are paying the App providers for these fake clicks, consumers are being falsely registered for premium services and their data bundle used by activity they have no control over or are even aware it is taking place.

For 30 operators, our platform monitors transactions for anomalies or suspicious transactions.  In 2019, we processed more than 1.71 billion mobile app transactions on those networks and blocked 1.6 billion – more than 90 per cent – that were identified as fake or fraudulent.  We also found 43 million Android handsets affected with malware.

Based on our data, here are the apps that 2019’s biggest attacks hid behind:

Vidmate

Some 128 million suspicious or fraudulent transactions were generated in 15 different countries by this app in 2019. First exposed in May, a hidden component of the app delivers fake ads and attempts to generate clicks and even purchases. This app is now only available from some third-party Android stores and not from Google’s own store. Nevertheless, this video downloading app is still available, still active, and has racked up some 500 million downloads worldwide making it the fraudster’s best friend.

4Shared

Running Vidmate a close second was the file-sharing app 4Shared.  Despite the apparent credibility of being available via the Google Play store, receiving high ratings and positive reviews from IT websites and even the Microsoft store, this app generated 114 million suspicious transactions in 17 countries.  As well as sharing files as requested by its users, 4Shared was also found to be sharing its users’ personal details in the background. After reporting the activity, Google removed the App from its Play store, but a new version reappeared the very next day and 4Shared remains a live threat.

Snaptube

Compared to the top two, only a relatively small number of devices were infected by Snaptube – just 4.4 million. Nevertheless, in just six months it was responsible for more than 70 million fraudulent transactions from those devices. The transactions were taking place behind the screen of this video downloading app popular in Egypt, Brazil, Sri Lanka, South Africa and Malaysia.  Left undetected, ad-fraudsters would have reaped $91 million from this activity first exposed in October last year. Now only available in third party app stores, Snaptube is still active and every day is making new attempts to defraud advertisers and misuse user data.

Weather Forecast

In 2019, some 27 million transactions were blocked on ‘Weather Forecast: World Weather Accurate Radar’. This forecasting app is still available on Google’s Play Store and is even pre-installed on some Alcatel Android phones. It commits advertising click fraud in the background while delivering its weather forecasts and maps in the foreground. This activity was first reported in January last year but the App is still being downloaded from Google Play and has now been installed on some ten million handsets.

Ai.Type

Being on the Google Play platform gives these rogue Apps a cloak of credibility. Customizable keyboard app Ai.Type hid behind the cloak to initiate some 14 million fraudulent transactions that unless blocked would have resulted in a $18 million haul for the fraudsters.  For apps with hidden ad malware getting on, and remaining on, the Google Play Store is a major ambition.  Ai.Type was responsible for one of the biggest spikes of fraudulent activity in 2019 and was removed by Google from its Play Store in June. Nevertheless, it is still available from some third-party stores.

There’s a lot more…

The open nature of the Android ecosystem has been a strength to help the OS become a dominant force in the handset market.  But its open nature is also responsible for its security weakness.  The Apps above are behind some of the biggest attacks of 2019, but the number of malicious apps found to be hiding fraudulent activity from view is getting longer every day.  We publish the Secure-D Index that tracks all the apps we find to be behaving badly. If any of them are living on your phone – delete them now.

 

Geoffrey Cleaves is Head of Secure-D at Upstream. Secure-D provides real time fraud detection to mobile operators and digital marketers. Having used computers to analyse data since the age of 13, Geoffrey has held tech management roles in Chile, Argentina, Spain and the United States. Prior to joining Secure-D, Geoff was Managing Director at Opticks, a fraud detection venture he helped launch in 2017. Geoff was also Compliance Director at Billy Mobile analysing some 1Bn impressions daily.

 

Google shares global smartphone location data

US tech giant Google has been using location data from Android smartphones to track changes in user behaviour coz of coronavirus.

Now it has activated a public tool, from which anyone can get a fairly comprehensive report into the mobility changes that have taken place in 131 countries and regions. A look at the UK one reveals people have mostly stopped going to recreational destinations like restaurants and museums, but 15% of them are still braving the plague for a spot of R&R. After a week of panic-buying, trips to the shops have halved, as have visits to the park.

“In addition to other resources public health officials might have, we hope these reports will help support decisions about how to manage the COVID-19 pandemic,” said the accompanying blog. “For example, this information could help officials understand changes in essential trips that can shape recommendations on business hours or inform delivery service offerings.

“Similarly, persistent visits to transportation hubs might indicate the need to add additional buses or trains in order to allow people who need to travel room to spread out for social distancing. Ultimately, understanding not only whether people are traveling, but also trends in destinations, can help officials design guidance to protect public health and essential needs of communities.”

Unsurprisingly, Google is aware of the privacy concerns many people have over their data being unilaterally appropriated and used without their explicit permission in the name of fighting the pandemic. It concluded the blog by insisting Android users don’t have anything to worry about.

“The Community Mobility Reports are powered by the same world-class anonymization technology that we use in our products every day. For these reports, we use differential privacy, which adds artificial noise to our datasets enabling high quality results without identifying any individual person.

“The insights are created with aggregated, anonymized sets of data from users who have turned on the Location History setting, which is off by default. Users who have Location History turned on can choose to turn the setting off at any time from their Google Account, and can always delete Location History data directly from their Timeline.”

User base of stripped down Android Go tops 100 million

Google has revealed that the version of its Android smartphone OS specially designed for cheaper phones is going from strength to strength.

The smartphone installed base of developed economies effectively reached saturation years ago, so pretty much all growth must now come from people who can’t afford regular devices. The only way to make really cheap smartphones is for them to use components that are below the minimum spec required to run full-fat Android, hence the invention of Android Go.

In a blog post Google revealed that more than 1,600 device models are now available in over 180 countries, meaning there are now more than 100 million active Android (Go edition) devices around the world. One of the reasons for this is special partnerships with operators such as Safaricom in Kenya, which resulted in almost a million smartphones ending up in the hands of Kenyans.

The other purpose of the blog was to promote a new Android Go feature called Camera Go. This is intended to bring some of the post-processing features many people already take for granted to low-tier devices. It also offers some kind of assistance with managing the amount of local storage space photos take up.

The app will be available on the Nokia 1.3 phone (made by HMD Global) when it comes out, which was unveiled today together with its mid and high-tier siblings (see photo below. The 1.3 will be available globally next month, costing just €95. The 5.3 will come out at the same time, costing €189 and the 5G 8.3 will set you back €649, which should make it one of the cheaper 5G phones you can get your hands on.

Google Pixel starts to challenge Samsung in UK Android market

The UK Android smartphone market is dominated by Samsung, but its OS partner is starting to pose a serious threat, according to new research.

The numbers come from analyst firm Strategy Analytics, which has been looking into the specific Android models that are sell best over here. As you can see from the table below covering Q4 2019 Samsung models, specifically the flagship S series and the cheaper A series, dominate. But for the first time Google is starting to look like a serious player in terms UK smartphone shipment volume.

“Pushing into the UK top-ten is Google Pixel 4 XL in 8th place,” said Juha Winter of SA. “Google Pixel 4 XL is proving popular in the UK due to its decent specs, big-enough screen, solid retail support from major carriers like EE, and heavy marketing promotion leading up to the Xmas shopping season. Google Pixel has also filled some of the gap left by Huawei, whose UK presence is shrinking due to ongoing US trade wars.”

“Among the Android segment, Samsung took 8 of the top 10 spots in the UK in the fourth quarter,” said Neil Mawston of SA. “Google Pixel grabbed one, and Huawei also captured one. Samsung Galaxy A70 is the UK’s no.1 bestselling Android smartphone model. It is surprising to see a midrange model at the summit of the charts.

“The A70 is a sign that some UK consumers are trading down to lower-priced devices with ‘good enough’ specs and techs. Samsung S10 is in 2nd place, and S10+ sits in 4th place. Premium smartphone models are still selling well, but less so than a few years ago.”

The overall leading models will still be Apple ones, but a reason for that is that there are so few of them. That may also be a factor in the rise of the Pixel, but it’s still intriguing to see Google’s own efforts getting some serious traction. Another probable source of appeal will be the clean user interface and the fact that Pixels get Android updates before everyone else.

Google reportedly chasing a licence to continue work with Huawei

Reports have emerged in the German press to suggest Google has submitted the paperwork with the US Government to allow Huawei to regain credentials as an Android partner.

As it stands, Google is one of the many companies which is banned from working with Huawei, according to Deutsche Press Agentu. The Huawei devices are now running a custom operating system, based on Android open source code, though it is questionable how successful this venture has been for Huawei. Since Huawei was placed on the US Entity List, no new devices have been launched with Android OS or any Google services.

Speaking at an event in London, Omdia analyst Wayne Lam said he had been tested Huawei devices, though it was immensely frustrated to have to work in the absence of any Google services or products. Lam could not see the OS being successful outside the Chinese market, though Huawei’s OS could gain traction in other nations which has a friendlier relationship with China.

For Google, this should be a red flag. Google has enjoyed the benefits which have come with an almost duopolised position in the OS market, though the threat of a third player emerging could damage this. Huawei’s OS is highly unlikely to make a dent in Europe or North America, though it could gain traction in the developing markets where the more cost-effective Huawei devices are popular.

Two devices have been launched without Google services and products to date, the Mate 30 and the Mate XS, though market share has seemingly been falling in the European markets since Huawei’s problems with the White House escalated to the Entity List.

What is worth noting is Microsoft was granted a pass by the US Commerce Department for Huawei laptops to run its Windows OS. Considering the likeness, Google employees might be confident, though the US Government has not been a champion of consistency

Huawei launches a very expensive foldy phone with no Google Play support

As is the fashion this week, Huawei converted its MWC press conference into a ‘virtual’ one and unveiled a phone that it’s hard to imagine anyone buying.

The Huawei Mate Xs is an evolution of the Mate X, the launch of which last year was muted to the point of being apologetic. Like its predecessor it’s a foldy phone that, somewhat counterintuitively, has its screen on the outside of the hinge. It’s also slightly asymmetrical, with a 6.6-inch main screen and a 6.38-inch secondary one that combine to form an 8-inch screen thanks to the magic of trigonometry.

As you would expect Huawei is ascribing all manner of bells and whistles to its new shiny thing. They include its most advanced chip, the octa-core Kirin 990 5G, a super-duper camera and even a specially designed cooling system called Flying Fish that has microscopic crevices and everything.

There’s just one problem, well two actually. The biggest problem is that it runs on Huawei’s in-house operating system: EMUI 10, which is derived from the Android kernel, but isn’t full-fat Android and isn’t supported by Google. That means it doesn’t run proper Google apps, including the play store itself, which is where you get all the others.

EMUI may well be a fine OS in its own right but, to paraphrase Peter Cook and Dudley Moore, it’s deficient in the Play Store division to the tune of one. Even if the apps Huawei has encouraged its own ecosystem to develop are comparable to Google ones, why would anyone choose to take such a leap into the unknown when there are plenty of other vendors that can offer excellent phones with the full Android experience?

There is a small market for simple phones with stripped-down Oss in some developing economies, but this phone is very much at the other end of that spectrum. In fact Huawei wants us to shell out no less than £2,299 for this substandard app experience. Even if the Mate Xs folded into an origami swan, that price would be hard to justify.

Apparently in anticipation of this launch Google published an Android support document entitled Answering your questions on Huawei devices and Google services. “Due to government restrictions, Google’s apps and services are not available for preload or sideload on new Huawei devices,” it explains, warning users away from trying other means of getting Google apps on their Huawei phones. The usual security reasons are given.

This feels like a symbolic launch. Huawei can’t be expecting more than a handful of people to drop over 2k on a compromised phone, so this seems to be a statement of defiance. Huawei is saying it’s business as usual and it’s not going to let its persecution at the hands of the US government cramp its style. We respect Huawei’s spirit in that respect, while at the same time calling into question its judgment in doing so in such an expensive and futile way.

Stop messing with our code – Google Project Zero

A Google Project Zero engineer has scolded Samsung, suggesting alterations to Android’s Linux kernel has actually made Galaxy devices more vulnerable.

While making some adjustments to Android code downstream is relatively common, rarely has Google come out in opposition. In a blog post, Jann Horn of Project Zero examined the modifications made by Samsung coming to the conclusion the firm would be better off using existing security features in the Android code.

“In my opinion, some of the custom features that Samsung added are unnecessary, and can be removed without any loss of value,” said Horn.

“That I was able to reuse an infoleak bug here that was fixed over a year ago shows, once again, that the way Android device branches are currently maintained is a security problem. While I have criticized some Linux distributions in the past for not taking patches from upstream in a timely manner, the current situation in the Android ecosystem is worse.

“Ideally, all vendors should move towards using, and frequently applying updates from, supported upstream kernels.”

In this example, Horn found a mistake in the code for the Samsung Galaxy A50. This is a single case, but as Horn states, it is very common for code to be added to the Android kernel code downstream for additional features.

In February, Samsung added an additional security features known as PROCA. Horn was able to figure out what PROCA does, perhaps limits the impact of threats already inside the security perimeters but suggests it would be more effective to add more attention to preventing access in the first place. Horn suggests this code does in fact create more issues than it does solve.

What is worth noting is that this is hardly surprising. Google wants Android to be seen as perfect. The less modifications made to Android code the more influential it becomes, so it will of course reprimand those who try to improve on what it classes as perfection. But then again, the Google engineers might have a point.

Many have tried to replicate the success of Android as a mobile operating system, including Samsung, but all have failed. Only Apple’s iOS is an alternative, though it is not a direct comparison considering only Apple uses it. If no-one is able to replicate the product, why should they be able to improve on it with their own modifications?

Essential’s attempt to reinvent the wheel has predictably failed

When Android creator Andy Rubin started a new company, big things were expected, however it now appears the ideas were far too glorious to have any basis in reality.

Essential has announced it has taken its ideas as far as it can, and it will now cease operations.

In years gone, Rubin was known as a revolutionary. The founder and creator of Android was held in high esteem, with a reputation which grew each year the operating system become more dominant in the mobile world. This was the enthusiasm which was placed in Essential, but it has been a disastrous journey.

The company was founded in 2015, with funding from Playground Global, and in 2017 Rubin revealed the company was working on a new smartphone which was dubbed the Essential Phone. The delivery of this device was full of chaos thanks to the Meltdown and Spectre vulnerabilities, supply shortage, a customer data leak and accusations of trade secrets theft. But this was only the beginning of the disaster.

Despite the rocky start, it was reported that Amazon, Tencent and Foxconn had invested in the company in August, valuing it at more than $1 billion. The belief was there, but it wasn’t until October 2018 that Rubin teased the world with the launch of another device, known as Project GEM. Unfortunately the world had to wait a year for any more information, and it was not good.

The device attempted to reinvent the shape of the smartphone, creating a device which was much slimmer. The smartphone was also designed to be more of a voice-interface device, a novel idea but perhaps miles ahead of what is technically capable or what the consumer wants.

This is the issue which Essential seems to have been facing. Rubin tried to invent a device which he believed was revolutionary rather than listening to what the consumer wants. Sometimes you have to ignore popular opinion to redefine an industry, Henry Ford famously said “if I was to listen to my customers, I would be breeding faster horses”, but this is not one of those cases.

Video consumption and mobile gaming are two of the biggest trends of the mobile world today, especially for the younger generations, those more likely to spend the big bucks on devices. However, Rubin’s devices ignore these trends, not offering enough screen real estate for such content to be relevant.

Essential’s vision got in the way of understanding what the consumer actually wants, and now the company will soon be non-existent. This should perhaps be a lesson to the innovators in Silicon Valley; revolutionary ideas have to be built on the realities of today.

Huawei builds the case for its own OS ecosystem

If US-Chinese tensions continue to remain as they are today, a separate Huawei mobile operating system looks to be a certainty but being competitive with Android is not a simple task.

Building the OS, which will be known as Harmony, is the simple part of the venture. In fairness, nailing the science and experience is anything but simple, but the complexities pale in comparison to the realities of building the supporting ecosystem and credibility. This is where Huawei will struggle, but today it has set out an interesting case at a London Huawei Developer Day.

“Today’s announcement concerning our Huawei Mobile Services offering, highlights our ongoing commitment and support for UK and Irish businesses and developers,” said Anson Zhang, MD of Huawei UK’s consumer business.

“In recent years we have grown significantly and owe our success to the consumers and partners who have chosen and believed in us. As a sign of that support and commitment to the UK and Irish market, we have announced our £20 million investment plan to recognise and incentivise our partners; so that jointly we can build an outstanding ecosystem together.”

Irrelevant as to whether Huawei has the best phones on the planet and the smoothest running OS, if there are no compatible games in the app store, few consumers are going to have an interest in purchasing the device. Huawei has to engage the developer community and convince them it is in their interest to make a third version of the app on top of efforts for Android and iOS.

Back in September, Huawei said it would be investing $1.5 billion to build-out its developer ecosystem. At today’s event, Zhang highlighted £20 million would be set aside specifically for the UK, while any developer which can publish its app on the Huawei App Gallery before January 31 would be entitled to a £20,000 incentive payment.

This is perhaps the most important and difficult job for Huawei over the coming months. The company does not have the same scale, or credibility, as its OS competitors in Apple or Google. It might well claim to have 600 million users worldwide currently, 4 million alone in the UK, but how many of these users are engaging Huawei by choice?

Your correspondent has a Huawei Mate 20 device, and presumably is one of the 4 million Huawei Mobile Services users in the UK, but the Google Play Store, YouTube, Chrome and Gmail are still used exclusively over the Huawei alternatives. Google’s services are not on new Huawei devices, and at the moment, that would certainly stop your correspondent from buying any Huawei products in the future.

This is the chicken and egg situation in play. Huawei needs to convince both the consumer and the developer ecosystem to put faith in it. Consumers will not come without apps and apps will not be developed without consumers. Some might, but nothing in comparison to the scale of the Google app ecosystem.

And so, the Huawei pitch begins, and there some very good ideas.

The first interesting idea presented by Huawei is the idea of more intelligent contextualisation. The different segments in the ecosystem are linked, allowing for a recommendation engine to offer more interesting results. If a user is a big Terminator fan, for example, the video store will recommend relevant titles, but then the music store will factor in this preference and the app store will start pushing first-person shooting games up the listings. It is taking context one step further, which does sound appealing.

Another idea to improve user acquisition is to develop customisable themes and backgrounds for the user which can be linked to apps and content. Jaime Gonzalo, VP Consumer Mobile Services, highlighted there are between 4,000 and 6,000 new apps published each month. To cut through this digital noise, there needs to be a more intelligent approach to user engagement and acquisition.

One very attractive point made by the team is the opportunity for scale which Huawei can offer. China is one of the most lucrative markets around for any app developer, and Huawei, as the telecom champion of China, can potentially offer access to the users in a way Google or Apple could not compete with. This is a very attractive carrot for the developer community.

Another final point on the business side, is the idea of local engagement. Huawei has said each market will have a local business development and operational team to aid the local developer community. Gonzalo claims to be the only business which can offer this USP, demonstrating the importance of this initiative.

Huawei is throwing money at the situation, almost making the creation of a deep developer ecosystem a loss-leader, because it recognises how critical it is to ensure the consumer business survives internationally. This might sound like a dramatization of the status quo, but as long as Huawei remains on the US Entity List, and banned from working with Google, its device business is in a very precarious position.

Looking at the more technical side, Andreas Zimmer, who works in strategy team, highlighted there are currently 24 software development kits (SDK) available for developers in the ecosystem, with plans to launch more in the coming months. Interesting enough, Zimmer claims only one is needed to make the very simple translation from Android and into the Huawei developer ecosystem.

The majority of the SDKs are as one would expect, but there were a couple which Zimmer wanted to push forward for attention.

Firstly, the Machine Learning SDK. This kit allows developers to integrate new AI components into the app, such as face detection, landmark recognition, emotion detection or object detection. Another Zimmer pushed forward was the Awareness kit. This SDK allowed the app to have greater contextual awareness, for example, understanding what time of the day it was, whether a headset is plugged in or the location of the user.

Both of these SDKs are very useful for enthusiastic and creative developers, but the question remains is whether Huawei has done enough to convince the developer community.

The Huawei consumer business is facing a serious threat. If it wants to continue to be an international brand, the Harmony OS needs to work and for this to happen, it needs to be embraced by the developer community. Consumers are tied to Android today, and it will take a serious swing for Huawei to crack this dominance in the Western markets.

Huawei’s OS will almost certainly be a success in its domestic Chinese market, and others were there are strong political ties. But the Huawei ambition is bigger than simply being a dominant domestic champion. As long as the US remains hostile to China and Huawei stays on the Entity List, the international future of the consumer business relies on the success of Harmony OS and the developer ecosystem.

Huawei promises to launch P40 with Google service replacement, reports say

Huawei has told the media that P40, the company’s next flagship smartphone will be launched with its own mobile service suite but will be built on Android 10 instead of its own HarmonyOS.

Richard Yu, CEO of Huawei Technologies Consumer Business Group, told a group of journalists from the French media that the company’s next flagship smartphone, the P40 (and likely P40 Pro), will be launched at the end of March 2020 at a special event in Paris. The exact date is yet to be announced. Yu promised the media representatives, who were on a press tour to the company’s headquarters in Shenzhen, that the phone will be in a design never seen before (“jamais vu”), with improved photography quality, better performance, and boosted automation.

Yu also confirmed that the phone will be built on Android 10 with Huawei’s customised user interface, EMUI. This is consistent with the company’s earlier announcement that its own operating system, HarmonyOS, will not be powering smartphones or tablets in 2020. Instead it will be used on other connected devices, including smart TVs and wearables.

Meanwhile, the Indian newspaper The Economic Times quoted Charles Peng, the CEO of the Huawei and Honor brands in India in Huawei’s Consumer Business Group, as saying that P40 will come equipped with Huawei Mobile Services (HMS), in place of Google Mobile Services (GMS). Both brands from Huawei as well as Oppo, another Chinese smartphone maker, were reported to have approached app developers to make the top apps in India available for HMS as well as for Oppo’s own Color OS.

“We have our own HMS and are trying to build a mobile ecosystem. Most of the key apps such as navigation, payments, gaming and messaging will be ready soon.” Peng told The Economic Times. Frandroid, a French media outlet, noted that HMS should be ready at the same time as the launch of P40.

The Economic Times reported that Huawei offers developers up to $17,000 for making their apps available for HMS, supported by Huawei’s $1 billion global fund the company announced earlier this year. Oppo’s coffer “to develop a “new intelligent service ecosystem” is reported to amount to $143 million.

It is worth highlighting that having the most popular third-party apps in a certain market (India, China, for example) available for HMS is different from bypassing GMS. The core Google services and APIs, including Chrome browser, YouTube and YouTube Music, Play Store, Google Drive, Duo, Gmail, Maps, as well as Movies and TV, are optimised to work with the Android operating system. Most importantly, there is Google’s fundamental “search” capability that powers everything else.

Developing its own operating system as well as an overall mobile ecosystem has long been on Huawei’s card. As Ren Zhengfei, Huawei’s founder, told media earlier, the work, as well as in-house chipset development capability, started long before Huawei ran afoul of the US government. However, the company has learned it the hard way that such tasks are more difficult than building a nice phone. Richard Yu had to renegade on his own promises more than once. Shortly after Huawei was put on the Identify List Yu said that the company’s own operating system would be able to power its new smartphones by the end of this year or the beginning of next. That has now been officially denied when HarmonyOS’s positioning was clarified. Yu also said, prior to the launch of P30 in September that there would be a workaround solution to load GMS on the new smartphone. That did not happen either.

Consumers may also find Huawei’s narrative less than convincing. As IDC’s Navkender Singh put it to The Economic Times, “There will be a breakdown of the conversation that Huawei or Honor devices will have OS and app store issue. It is going to be very tough for Huawei/Honor to sell the phone based on their own suite.”