With over 2.6 million applications to account for in the Play Store, Google is constantly at war with fraudulent and malicious apps plaguing their ecosystem. At the same time, Google tries to promote high-quality apps for users to enjoy, although sometimes the apps they select are of dubious quality. Cheetah Mobile is perhaps one of the most infamous development companies among our users because of their practice of collecting data on users and serving tons of sketchy advertisements. Their acquisition of QuickPic led many XDA members to scramble for an alternative to the once highly-recommended gallery app. But despite the poor quality of Cheetah Mobile's products, we never had any reason to suspect them of anything truly malicious - until now. The latest research from Kochava has provided evidence to BuzzFeed News that several Android apps from Cheetah Mobile, and one from Kika, are allegedly engaging in ad fraud.

Some background

Cheetah Mobile, while best known for developing applications on Android, is a company that actually focuses on selling data*. They don't hide this fact at all, though it's something that many users are oblivious to. However, it's hard for users to tell exactly how Cheetah Mobile is using the data they collect. Clean Master, an application by CM with more than 1 billion downloads, is designed to clean the cache on an Android device. Kochava, however, accuses Cheetah Mobile of using additional permissions in apps like Clean Master as part of an ad fraud scheme.

Kika Keyboard is a popular third-party keyboard app on the Play Store with over 200 million downloads, according to AppBrain. Kika Keyboard is not owned by Cheetah Mobile, but the app has also apparently been found to engage in similar practices.

*Cheetah Mobile operates a service called "Cheetah Data" which "constructs comprehensive product indices based on the huge amount of data accumulated through Cheetah Mobile's product matrix." Thanks to Till Kottmann for pointing us to this!

Ad fraud

To recoup the costs of development, some developers generate revenue by placing advertisements in their applications. Developers can sometimes get a bonus for referring users to install other applications displayed in the ads. The bonus can vary from $0.50 to $3.00, typically. The system works like this: You display an advertisement showing another application, the user downloads the sponsored application and runs it, then the application which sponsored the ad will award a bonus to the referring app developer. Kochava alleges, via the report from BuzzFeed News, that Cheetah Mobile is claiming bonuses for referrals when their apps may not play a direct role in referring the user to download an application. If true, this would net CM money both from Google and the developers who monetized their app via advertisements. Here is how the ad referral process typically works (left picture) versus a hypothetical hijacked ad referral process (right picture). Images courtesy of BuzzFeed News.

This would be made possible by tricking the Google Play Install Referrer API, which CM Master and most of CM's apps have access to. Kochava's research also found that Cheetah Mobile mostly uses in-house developed libraries and APIs in their applications as part of this scheme. Cheetah Mobile, for its part, states that these were all third-party APIs they had no control over.
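
One way an attribution provider could screen referral claims of the kind described above, added here as an example (it is not code from Kochava, BuzzFeed News or Google): compare the click and install-begin timestamps that the Install Referrer API reports for each install with the time the new app was first opened. The record fields, the 10-second threshold, the claimant names and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed threshold: a claimed click this close to first open is suspicious.
MIN_CLICK_TO_OPEN_S = 10

@dataclass
class Attribution:
    install_id: str
    claimed_by: str        # app or ad network claiming the referral bonus
    click_ts: int          # referrer click timestamp (epoch seconds)
    install_begin_ts: int  # when the Play Store began the install
    first_open_ts: int     # first launch, as measured by the advertiser's SDK

def classify(a):
    """Return the reasons a single referral claim looks implausible."""
    reasons = []
    if a.click_ts <= 0:
        return ["missing_click_timestamp"]
    # A click recorded after the install started cannot have caused it.
    if a.click_ts > a.install_begin_ts:
        reasons.append("click_after_install_begin")
    # A click seconds before first open leaves no time to download and install.
    if a.first_open_ts - a.click_ts < MIN_CLICK_TO_OPEN_S:
        reasons.append("click_too_close_to_first_open")
    return reasons

def suspicious_claimants(records, min_share=0.5):
    """Map each claimant to its share of flagged claims, if >= min_share."""
    total, flagged = defaultdict(int), defaultdict(int)
    for r in records:
        total[r.claimed_by] += 1
        if classify(r):
            flagged[r.claimed_by] += 1
    shares = {c: round(flagged[c] / total[c], 2) for c in total}
    return {c: s for c, s in shares.items() if s >= min_share}

# Constructed sample data, not taken from any real report.
SAMPLE = [
    Attribution("i1", "network_a", 1000, 1030, 1200),
    Attribution("i2", "network_a", 2000, 2045, 2300),
    Attribution("i3", "app_x", 3100, 3000, 3105),
    Attribution("i4", "app_x", 4090, 4000, 4200),
    Attribution("i5", "app_x", 5000, 5020, 5400),
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec.install_id, rec.claimed_by, classify(rec) or "ok")
    print(suspicious_claimants(SAMPLE))
```

A high share of flagged claims from one claimant is a signal for investigation, not proof of fraud; clock skew and cached clicks can produce isolated anomalies.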

Affected apps

Here is a list of the apps that were caught allegedly participating in the fraudulent ad scheme. If you have any of them installed on any of your Android devices, we recommend uninstalling them immediately.

  1. Clean Master
  2. Security Master
  3. CM Launcher 3D
  4. Kika Keyboard (owned by Kika Tech)
  5. Battery Doctor
  6. Cheetah Keyboard
  7. CM Locker
  8. CM File Manager

What's alarming is that some of the biggest device manufacturers in the world have used these applications in the past. For example, Samsung promotes Clean Master by implementing it in Samsung Experience and guiding users about installing the app. Microsoft has partnered with Cheetah Mobile to implement Cortana, the company's digital assistant, in CM Launcher 3D.

Conclusion and Statements from Cheetah Mobile

Just as you've suspected, Cheetah Mobile's main interest is in selling your data. But this latest development shows that they may be willing to go above and beyond in using the permissions granted to their apps. The ad fraud scheme, if true, abuses user trust and steals revenue from not only Google but also developers that should be receiving the referral bonus in the first place. We hope that Google continues their investigation of these apps and, if they corroborate Kochava's findings, removes them from the Play Store. As for users, we recommend you uninstall the apps listed in the previous section while keeping in mind that the list may not be comprehensive. To keep your device secure, make sure to always check the permissions an application is requesting and do some research on the team behind the app.

If you wish to read the full statements offered by both Cheetah Mobile and Kika, follow the link here to the original BuzzFeed News report. Cheetah Mobile has also followed up on this matter via a press release, stating that the company "is in communication with all SDK providers to investigate the allegations." The press release goes on to state that CM "is committed to preventing any SDKs integrated in its apps from engaging in inappropriate activities and will suspend the business cooperation with any SDK providers if they are found to be engaging in fraudulent activities." In a second follow-up press release, the company states that they have "no control over these third party advertising platforms" and "neither the intention or ability to direct such advertising platforms to engage in the alleged 'click injections.'" Lastly, CM has announced that they have "plans to take legal actions" against parties such as Kochava and others that they believe have "generated and disseminated those untrue and misleading statements."

Update: Google Removes Two Apps

Google has responded to the report by removing CM File Manager and Kika Keyboard from the Play Store, according to BuzzFeed News. "We take these allegations very seriously and our Google Play Developer policies prohibit deceptive and malicious behavior on our platform. If an app violates our policies, we take action," a Google spokesperson told BuzzFeed News. Cheetah Mobile and Kika can appeal the decision, but BuzzFeed News reports that both apps have been removed from Google's AdMob mobile advertising network. Cheetah Mobile issued a press release in response to the removal of CM File Manager, stating that CM File Manager is an "immaterial app in terms of revenue contribution to the Company." Both Battery Doctor and CM Launcher were voluntarily removed by Cheetah Mobile after the report was first published, but have yet to return to the Play Store. For more information, please read the original BuzzFeed News report.


This article was updated on 11/27/18 at 7:58PM CT to reflect Cheetah Mobile's stance on the APIs that were alleged to be used for the ad fraud scheme.

This article was further updated on 11/28/18 at 9:44AM CT in response to inquiries from Cheetah Mobile's legal team.

This article was updated on 12/4/18 at 2:14PM CT to add Google's response to the allegations.