Android Apps with 1.5M+ Installs Boost Ad Revenue with Ghost Clicks

Android Apps

Two Google Play applications that were jointly installed over 1.5 million times used a creative way to load advertisements without even displaying the user.

The stealthy technology finishes an automated ad clicking process that helps to increase the author’s income.

Impressive figures

Tactic enabled Android’s Idea Master developer to maintain their applications involved in this sort of illegal activity in Google Play for about a year two.

One app called’ Idea Note: OCR Text Scanner, GTD, Color Notes’ and enables colorful notes to be taken. It was last updated on August 23, with a count of more than 1 million installers. The average user rate of nearly 4,000 is 3.7.

The other is the’ beauty fitness: daily training, best HIIT coach ‘ fitness application, with an installation figure of over 500,000 and an average rating of 4.8 out from 3,300 reviewers.


Users who have installed these two applications are recommended to remove them, so that the adverse effect on the Android device is not experienced.

Loading clever ads

The bad activity begins with a system message via the Android Notification Manager. By clicking it, a hidden view with ads will be displayed.

Symantec’s Martin Zhang and May Ying Tee discovered the developer to use toast notifications to load advertisements. This is a way of showing the user some discreet messages, like a note that some activity happened (sending a message, downloading).


While consumers never see the advertisements, their computer experience is affected. The immediate impacts are slow and battery consumption increased.

The enhanced expenses of mobile information use are also included in the list of adverse impacts of this ghost-click method.

Both applications have long been undetected as they have a legit Android packer, which is usually used to safeguard intellectual property.

“Android packers can change the entire structure and flow of an Android Package Kit (APK) file, which complicates things for security researchers who want to decipher the APK’s behavior. “

Both applications were deleted from Google Play. However, not available in the official Android store doesn’t mean that the developer doesn’t benefit from the illegal ad income anymore. Hundreds of thousands of customers can still install either app and maintain clicking until it’s removed from the phone.

Credit: Bleeping computers

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.