One of Android’s biggest apps was caught making purchases for users without consent

One of Android’s biggest apps was caught making purchases without user permission.

July 3, 2019

Security researchers at Upstream say the media file-sharing service 4shared is running invisible ads and subscribing users to paid services without their knowledge, TechCrunch reports.

Upstream says the app used suspicious “3rd-party” code that is “directly responsible” for automating clicks and setting cookies (the internet kind) as bread crumbs to keep track of which devices have been used to make purchases — a scheme that could be costing users millions of dollars.

The Elephant (Data) in the room

Hong Kong-based Elephant Data is the mysterious 3rd party that built the component — a company that bills itself as a “market intelligence” solution designed to “maximize ad revenue,” on its, uh, rather nefarious-looking website.

The ad firm didn’t respond to our request for comment, but a spokesperson for 4shared confirmed with TechCrunch that the company was unaware of any sneaky purchasing, and no longer uses Elephant Data services in its app.

Problem is…

4shared wasn’t allowed to push an update to users before the app was resubmitted for approval, so the company couldn’t fully remove Elephant Data’s software from users’ devices.

A platform with 10m users and 100m installs…

2nd time in 2 months

In May, BuzzFeed reported similar behavior from a different trigger-happy fraud shopper on the Android App store with the Alibaba-backed video app VidMate.

Join 1.5m+ professionals getting The Hustle daily news brief

Business and tech news in 5 minutes or less

100% free, no ads or spam, unsubscribe anytime


How'd Bezos build a billion dollar empire?

In 1994, Jeff Bezos discovered a shocking stat: Internet usage grew 2,300% per year.

Data shows where markets are headed.

And that’s why we built Trends — to show you up-and-coming market opportunities about to explode. Interested?

Join us, it's free.

Look, you came to this site because you saw something cool. But here’s the deal. This site is actually a daily email that covers the important news in business, tech, and culture.

So, if you like what you’re reading, give the email a try.

If you don’t like it, unsubscribe any time. Privacy policy.