Search This Blog

Showing posts with label Advertisement. Show all posts

A Nearly $400 Million Fine Has Been Imposed on Google by the States

 

In a settlement over Google's location tracking practices, Google will have to pay close to $400 million to over 40 states. This is part of a $2.6 billion settlement to settle the matter as announced on Monday. 

Attorney General Rosenblum led an investigation into the multinational technology company that has its headquarters in Mountain View, California, along with Nebraska Attorney General Doug Peterson. According to the Oregon Attorney General's office, this is the largest consumer privacy settlement ever brought by an attorney general. 

In 2018, Rosenblum and other attorneys general started a bipartisan investigation into the company's practices based on an article published by the Associated Press. They found that Google had created confusing settings for consumers since at least 2014, and had been violating state consumer protection laws as a result. 

Rosenblum's office explained how the public was misled. According to the settlement agreement, Google misled its users into believing that they had turned off location tracking in their account settings. In fact, Google continued to collect their location information as indicated in the settlement. Further, in conjunction with the multimillion-dollar settlement, Google has agreed in the negotiations with the AGs to improve its user controls and disclosures about location tracking by 2023. 

To make sure users receive targeted advertisements, Google uses location data, as well as other types of personal information. In the view of Rosenblum's office, users' location data is among the most sensitive pieces of information that are collected by the company. This is because it is part of its attempt to create detailed profiles of them which can further be used in order to completely reveal the identity and routines of a person. 

In Rosenblum's view, "Google has prioritized profit over the privacy of its users for years. There has been a lot of deception and craftiness on their part. The company has been secretly recording the movements of consumers throughout the day and using that information for advertising purposes in spite of the fact that they thought they had turned off location tracking on Google." 

Besides paying $391.5 million, Google has also been ordered to make key information about location tracking unavoidable for users (not hidden). Google is now required to give users detailed information on a page titled “Location Technologies” about the types of location data it collects and how it is used. 

In addition to Arkansas, Florida, Illinois, Louisiana, New Jersey, North Carolina, Pennsylvania, and Tennessee, there were many other states that were part of the settlement. 

Among the states that have joined this settlement are Alabama, Alaska, Colorado, Connecticut, Delaware, Georgia, Hawaii, Idaho, Iowa, Kansas, Kentucky, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Nevada, New Mexico, New York, North Dakota, Ohio, Oklahoma, South Carolina, South Dakota, Utah, Vermont, Virginia, and Wisconsin. 

"Consumer privacy is one of my office’s top priorities. That’s why it’s so significant to me that Oregon played a key role in this settlement," Rosenblum further stated. "Until we have comprehensive privacy laws, companies will continue to compile large amounts of our personal data for marketing purposes with few controls."

Scylla: Ad Fraud Scheme in 85 Apps with 13 Million Downloads

 

Security researchers have exposed 85 apps involved in the ongoing ad frauds campaign that began in 2019. 75 apps of these apps are on Google Play, while 10 are present on the App store. The apps have collectively more than 13 million downloads to date. 
 
Researchers from HUMAN’s Satori Threat Intelligence have collectively named all the mobile apps that are being identified in the ad fraud campaign as ‘Scylla’.  
 
The malicious apps flooded the mobiles with advertisements, both visible and hidden ads. Additionally, the fraudulent apps garnered revenue by impersonating as legitimate apps in app stores. Although these apps are not seen as severe threats to the users, the adware operators can use them for more malicious activities.  
 
According to the researchers, Scylla is believed to be the third wave of an ad fraud campaign that came to light in August 2019, termed ‘Poseidon’. The second wave, called ‘Charybdis’ led up to the end of 2020. 

The original operation, Poseidon comprised over 40 fraudulent android apps, designed to display out-of-context ads or even ads hidden from the view of mobile users. 
 
The second wave, Charybdis, was a more sophisticated version of Poseidon, targeting advertising platforms via code obfuscation tactics. Scylla apps, on the other hand, expand beyond Android, to charge against the iOS ecosystem. In addition to this, Scylla relies on additional layers of code obfuscation, using Allatori Java obfuscator, making it hard for the researchers to detect or reverse engineer the adware. 
 
These fraudulent apps are engineered to commit numerous kinds of ad frauds, including mimicking popular apps (such as streaming services) to trick advertising SDKs into placing their ads, displaying out-of-context and hidden ads, generating clicks from the unaware users, and generating profit off ads to the operator. 
 
"In layman's terms, the threat actors code their apps to pretend to be other apps for advertising purposes, often because the app they're pretending to be is worth more to an advertiser than the app would be by itself," states HUMAN security. 
 
According to the sources, the researchers have informed Google and Apple about these fraudulent apps, following which the apps are being removed from Google Play and App Store. Users are recommended to simply remove the apps if they have downloaded one of the suspected adware by any chance. 
  
Furthermore, with regards to the increasing frauds, the Satori researchers have suggested certain precautionary measures that could be taken into account for the user to not fall for the adware frauds. It includes examining their apps before downloading them, looking out for apps that you do not remember downloading, and avoiding third-party app stores that could harbor malicious applications.

 US Reclaimed $15 Million From an Ad Fraud Operation

 

The US government has recovered more than $15 million in earnings from the 3ve digital advertising fraud enterprise, which cost firms more than $29 million in unviewed ads. 

Sergey Ovsyannikov, Yevgeniy Timchenko, and Aleksandr Isaev, according to the Justice Department, accessed more than 1.7 million infected computers between December 2015 and October 2018, using tens of command and control (C&C) servers as the Kovter botnet, a click-fraud malware would quietly run in the background while connecting to sites to consume advertisements. 

A forfeiture order, according to the Justice Department, resulted in the transfer of $15,111,453.84 from Swiss bank accounts to the US government. The technique resulted in the falsification of billions of ad views and the spoofing of over 86,000 domains. According to the US Department of Justice, groups paid over $29 million for advertising never seen by real people. 

Ovsyannikov and Timchenko were arrested in 2018, pleaded guilty, and sentenced to jail terms in the United States. For this role in 3ve (pronounced "Eve"), Isaev and five others are accused of money laundering, wire fraud, computer intrusion, and identity theft, yet they stay free. 

The US also charged Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, and Dmitry Novikov, five Russian citizens, with running the Methbot ad fraud scheme, which is thought to have netted the fraudsters more than $7 million in illegal gains. 

"This forfeiture is the greatest international cybercrime recovery in the Eastern District of New York's history," said United States Attorney Peace in a press statement.

Google Is Supplying Private Data to Advertisers?




A big time accusation on Google is allegedly in the wind that it’s surreptitiously using secret web pages to give away data to advertisers.

Per sources and the evidence provided it’s being said that maybe Google is dealing in data without paying much attention to data protective measures.

The matter is under investigation and is a serious matter of research. Apparently the sensitive data includes race, political and health inclinations of its users.

Reportedly, the secret web pages were discovered by the chief policy officer of a web browser and they’d also found that Google had tagged them with identifying trackers.

Allegedly, using that very tracker, Google apparently feeds data to advertisers. This is possible an attempt at predicting browsing behavior.

According to sources, Google is doing all it can to cooperate with the investigations. The Google representative also said that they don’t transact with ad bidders without users’ consent.

Reportedly, Google has mentioned previously that it shall not “share encrypted cookie IDs in bid requests with buyers in its authorized buyers marketplace”.