back to article Oracle: Major ad scam 'DrainerBot' is rinsing Android users of their battery life and data

A major ad fraud operation could be sucking your phone of juice and using up more than 10GB of data a month by downloading hidden vids, Oracle has claimed. The database vendor has dubbed the dodgy data slurper DrainerBot, and said it uses infected code on Android devices to deliver fraudulent, invisible video ads. Infected …

  1. Version 1.0 Silver badge

    SNAFU again

    But aren't "fake ad impressions" standard these days? None of the gaffa advertising companies (Google, Apple, Feckin' Facebook, and Amazon) really care because they have their fingers in the cash stream pulling out their profits for "advertising" ...

  2. Paul Smith
    Devil

    Cushty!

    Oracle acquires an ad-tracking company, gets it lots of publicity by publicizing a 'major' fraud, and then blames a competing ad-tracking company for involvement with the fraud. Everything above board as usual.

  3. Isn't it obvious?

    Obviously as much as Apple is labeled a control-freak for their vetting of applications (and granting they're not perfect), their approach in general is producing better results than Google's more hands-off approach.

    Of course even that doesn't solve the problem until you force all updates to go through the store as well, but that change should be an absolute no-brainer IMO. So it costs more to push an app or update into the store. So what? Google is collecting a hefty percentage of the price, they can afford to spend a bit more on review. And if they have to charge a non-zero fee per app? Based on what I've seen in the store, a slightly higher barrier to entry is maybe exactly what is required.

  4. Anonymous Coward
    Anonymous Coward

    Liability ?

    If I buy something from a shop, they have a duty of care in UK consumer law.

    So what about the app stores ?

    1. JulieM Silver badge

      Re: Liability ?

      Nah, they don't count. Using a computer, see. Totally different!

      Advertisements in newspapers that might otherwise be mistaken for editorial content are required to carry the words "ADVERTISEMENT FEATURE", in a font no smaller than the advertisement text. But on the Internet, there is no requirement to mark out advertisements from editorial -- and some Internet companies appear to be actively frustrating attempts to detect unwanted content. Which is not illegal, because it's not a printed publication and therefore not the same thing.

      An app store isn't selling you a product; it's selling you a licence to use a product in certain ways and subject to certain conditions. And being completely different from an actual bricks and mortar store that sells product, they have absolutely no duty of care to you. Because everything is completely different if a computer is involved, and altogether different again if the "computer" happens to be pocket-sized. </sarchasm>

      1. Mark 85 Silver badge

        Re: Liability ?

        Sarcasm? I think you're closer to the truth than you realize. Government types (who actually write the laws) haven't a clue....

        1. Mike 16 Silver badge

          Re: Liability ?

          You may be leaning a bit too heavily on Hanlon's Razor, and not enough on Occam's.

          If a group is doing something dodgy, and your representatives seem curiously hesitant to address the issue, ignorance is probably somewhere in the mix, but is probably not as relevant as brown envelopes.

          Sufficiently advanced cluelessness is indistinguishable from malice.

      2. Richocet

        Re: Liability ?

        If you look at the history of the printing press, there is a parallel with what is happening with the wild west of internet publishing.

        Rampant publication of false critical stories about kings, queens, and those in power triggered the creation of libel laws. This may be how the internet gets cleaned up. Get your popcorn and wait.

    2. Anonymous Coward
      Anonymous Coward

      Re: Liability ?

      Well I'm sure you will be fully entitle to a full refund of the cost of the app.

      You want damages? The same way as you would with a normal store, you'll need to sue in the court for it. But that would be very difficult and costly and therefore not worth, I expect.

      That is the unfortunate state of things.

  5. Anonymous Coward
    Anonymous Coward

    No Duh!

    "DrainerBot-infected apps can cost users hundreds of dollars in unnecessary data charges while wasting their batteries and slowing their devices."

    As opposed to, say, legitimate apps that play video adds every few seconds.

    1. bombastic bob Silver badge
      Unhappy

      Re: No Duh!

      yeah, the whole "ads in apps" thing _IS_ pretty nauseating...

      The 'droid sandbox is imperfect, people allow permissions for things they don't need "that" for, and so on.

      Recently a relative got a 'droid phone. I went over the settings and SPECIFICALLY disabled location data for this one art application. Why did an ART application need LOCATION DATA??? yeah. It works fine without it, but it nagged to re-enable it the first time it was loaded after changing the settings...

      1. Anonymous Coward
        Anonymous Coward

        Re: No Duh!

        I created an app and required read/write SMS, Location, Read external Storage and Read Phone State (for some Android versions). However all these functions were genuinely required for the app to function and careful though was made to ensure that I didn't ask for a permission if I could code around it.

        Any app that asks for excess permissions*, then delete it. It means their App developer is trying to do things they shouldn't and therefore you should trust the whole app as that is unlikely to be the only little data stealing they do.

        *Make sure that the app doesn't genuinely need those permissions, some permissions are required for a genuine need although not always entirely obvious and sometimes Android forces you to ask for permissions even if you as an app developer don't want to use them.

  6. Mike Moyle Silver badge

    Say what...?

    "Openness and transparency is paramount in the mobile advertising industry..."

    That's comedy gold, that is!

    1. Voyna i Mor Silver badge

      Re: Say what...?

      No, it's correct. Your phone is open and transparent to our invasiveness.

      We didn't say who it was who was open and transparent.

    2. veti Silver badge

      Re: Say what...?

      You can't get much more "transparent" than an invisible ad.

  7. Captain Scarlet Silver badge
    Coffee/keyboard

    Hangon

    If an app is using that much data why can't users see it in their bandwidth usage?

    1. doublelayer Silver badge

      Re: Hangon

      They can. If they routinely monitor their bandwidth usage. If not, they will still see it. On their bill. With a request for overage charges right under it. You don't think the mobile companies are going to warn them of unusual and possibly risky activity on their device that would make the mobile network less efficient do you? They don't have the time for that, and it's definitely not because they like to dole out overage charges.

    2. DougS Silver badge

      If the malware writers are smart

      They'll make it only do the ad downloads when connected to wifi, thus greatly reducing the chances people will notice it. If you have a plan with only a couple GB like I do, you'd get a notice from your carrier that were approaching/over your limit in less than a week!

      Since most phones are connected to wifi most of the time, this wouldn't impact their per phone earnings much but it would greatly increase the lifespan of the malware on a given phone.

  8. tcmonkey

    Big Red doing something that appears (at least on the surface) to be in the interest of consumers!? Blimey, I didn't realise it was already April! ...What's that? February you say? Are you sure? Well then...

  9. Dabbb Bronze badge

    Blokada

    Google it.

  10. Anonymous Coward
    Anonymous Coward

    Speaking of Ad Fraud

    It's been over a month since TCL/Alcatel's app was reported to have been commiting ad fraud and attempting to sign users up to paid services without their knowledge or consent and still no official word from TCL on the matter.

    https://www.upstreamsystems.com/secure-d-uncovers-pre-installed-malware-alcatel-android-smartphones-manufactured-tcl/

    Another strange thing is that TCL's cloud seems to have been registered to a private IP address which has caused problems for some users.

    $dig gwrtdp.tclclouds.com. 600 IN A 192.168.33.33

  11. Anonymous Coward
    Anonymous Coward

    Monkey see..

    If anyone should know a scam when they see it, it's Oracle. After all, it's their core business model.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019