Security Blog
The latest news and insights from Google on security and safety on the Internet
Tackling ads abuse in apps and SDKs
7 de diciembre de 2018
Posted by Dave Kleidermacher, VP, Head of Security & Privacy - Android & Play
Providing users with safe and secure experiences, while helping developers build and grow quality app businesses, is our top priority at Google Play. And we’re
constantly working
to improve our protections.
Google Play has been working to minimize app install attribution fraud for several years. In 2017 Google Play made available the
Google Play Install Referrer API
, which allows ad attribution providers, publishers and advertisers to determine which referrer was responsible for sending the user to Google Play for a given app install. This API was specifically designed to be resistant to install attribution fraud and we strongly encourage attribution providers, advertisers and publishers to insist on this standard of proof when measuring app install ads. Users, developers, advertisers and ad networks all benefit from a transparent, fair system.
We also take reports of questionable activity very seriously. If an app violates our
Google Play Developer policies
, we take action. That’s why we began our own independent investigation after we received reports of apps on Google Play accused of conducting app install attribution abuse by falsely claiming credit for newly installed apps to collect the download bounty from that app’s developer.
We now have an update regarding our ongoing investigation:
On Monday, we removed two apps from the Play Store because our investigation discovered evidence of app install attribution abuse.
We also discovered evidence of app install attribution abuse in 3 ad network SDKs. We have asked the impacted developers to remove those SDKs from their apps. Because we believe most of these developers were not aware of the behavior from these third-party SDKs, we have given them a short grace period to take action.
Google Ads SDKs were not utilized for any of the abusive behaviors mentioned above.
Our investigation is ongoing and additional reviews of other apps and third party SDKs are still underway. If we find evidence of additional policy violations, we will take action.
We will continue to investigate and improve our capabilities to better detect and protect against abusive behavior and the malicious actors behind them.
No hay comentarios :
Publicar un comentario
Etiquetas
#sharethemicincyber
#supplychain #security #opensource
android
android security
android tr
app security
big data
biometrics
blackhat
C++
chrome
chrome enterprise
chrome security
connected devices
CTF
diversity
encryption
federated learning
fuzzing
Gboard
google play
google play protect
hacking
interoperability
iot security
kubernetes
linux kernel
memory safety
Open Source
pha family highlights
pixel
privacy
private compute core
Rowhammer
rust
Security
security rewards program
sigstore
spyware
supply chain
targeted spyware
tensor
Titan M2
VDP
vulnerabilities
workshop
Archive
2024
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2023
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2022
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2021
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2020
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2019
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2018
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2017
dic
nov
oct
sept
jul
jun
may
abr
mar
feb
ene
2016
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2015
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
ene
2014
dic
nov
oct
sept
ago
jul
jun
abr
mar
feb
ene
2013
dic
nov
oct
ago
jun
may
abr
mar
feb
ene
2012
dic
sept
ago
jun
may
abr
mar
feb
ene
2011
dic
nov
oct
sept
ago
jul
jun
may
abr
mar
feb
2010
nov
oct
sept
ago
jul
may
abr
mar
2009
nov
oct
ago
jul
jun
mar
2008
dic
nov
oct
ago
jul
may
feb
2007
nov
oct
sept
jul
jun
may
Feed
Follow @google
Follow
Give us feedback in our
Product Forums
.
Follow
No hay comentarios :
Publicar un comentario