Facebook said it filed a lawsuit today against two Android app developers from Asia for orchestrating a “click injection fraud” scheme against Facebook ads.
The two app developers are LionMobi, based in Hong Kong, and JediMobi, based in Singapore. Facebook said the two companies created apps with malware-like features and made them available via the official Google Play Store [LionMobi profile; JediMobi profile].
Both LionMobi and JediMobi apps were using Facebook ads to monetize their apps. Once real users installed the apps on their phones, malicious code hidden inside the apps would generate fake user clicks on Facebook ads.
These fake clicks would give the Facebook advertising platform the false impression that real users had clicked on the ads.
Using this scheme, known as click fraud, the two app makers earned money from Facebook’s advertising program, the Facebook Audience Network.
In addition, Facebook said one of the app makers — LionMobi — also advertised its malicious apps on the Facebook platform, in violation of the company’s advertising policies.
As a result of this scheme, Facebook said it had to refund all advertisers who paid to have their ads on the Facebook Audience Network platform, and had their ads clicked via this fraudulent method. This happened in March 2019.
The social network is now suing the two app makers as a result in what Jessica Romero, Director of Platform Enforcement and Litigation, called “the first of its kind against this practice.”
A Facebook spokesperson did not immediately respond to a request for comment.
Advertising click fraud in the mobile ecosystem is rampant. New Android adware strains are being discovered each month, such as adware strains like SimBad, BeiTaAd, and Agent Smith.
Google, despite advances in its app scanning capabilities, has had a hard time detecting and preventing these apps from being uploaded on the Play Store for years.
Related cybersecurity coverage: