Search This Blog

Powered by Blogger.

Blog Archive

Labels

Stolen Application modified with spam code to earn money through AirPush

While browsing in Reddit, Tim @KasperskyLab found that one of the popular developer's application was stolen by another developer who modified the code with spam code and publish it as his own application in his account.

The app, called ElectricSleep was originally created by Jon Willis. You can find it here.

ElectricSleep is an alarm clock that records your sleep cycles and wakes you up gently during a light sleep cycle. The sleep data it records is saved and analyzed so that you can understand and improve upon your sleeping habits.
When Tim compared the stolen app with original one, he discovered that stolen app asked for location permission.  The original app won't do this. So he started to research the stolen app code.

As the result of Research, he discovered that a Pay-Per-Install library was added to the original code. The library comes as part of an SDK from a company called AirPush:


Airpush pushes advertisements to end users, and these ads generate revenue for the app developer, or in this case, the app copier.


Using this ads an developer can earn $6 - $40 range for every time 1,000 impressions are made.

The offending app has since been removed, but the developer account of the infringer is still active.

Users are no doubt sick of intrusive advertising without warning. As a result, another developer has released “AirPush Detector” which is capable of detecting advertising frameworks installed in apps.

"While these Pay-Per-Install services are not illegal, they can be intrusive, and stealing apps just to add on advertising code is definitely in violation of the Android developer License agreement." Tim said.
Share it:

Spam Report