I know this is going to be shocking, but Cheetah Mobile may be involved in some very shady dealings. According to app analytics firm Kochava, Cheetah Mobile and an associated company called Kika Tech are using extensive permissions in their Android apps to fraudulently claim commissions for app installs from advertisers. The eight apps detected by Kochava have more than 2 billion downloads in the Play Store and around 700 million active users.

Seven of the potentially fraudulent apps are from Cheetah Mobile, and you've probably heard of them: Clean Master, Security Master, CM Launcher 3D, Battery Doctor, Cheetah Keyboard, CM Locker, and CM File Manager. The last app is Kika Keyboard from Kika Tech, which got investment cash from Cheetah in 2016.

At the heart of the alleged scam is the way advertising platforms push new apps. If you see an ad, you might end up clicking, downloading, and installing that app. Advertisers might pay up to $3 when they acquire a new user in this fashion, but claiming that bounty is tricky. When the app is opened for the first time, it does a "lookback" to see where the last click originated to award the bounty. Cheetah and Kika apps are apparently abusing their permissions to abuse this system.

The offending apps ask for permission to view and open your installed apps, so they just watch for any new app installation. When you download something, the apps search for ad bounties and submit a fake click even if they never served the ad to anyone. They also use their permissions to launch apps to ensure they get the bounty. Kika Keyboard can even go a step further and monitor search queries in the Play Store to look up app install bounties. This affects the advertisers, of course, but legitimate developers could also lose out on a legitimately earned install bounty.

When contacted about the apparent fraud, Kika said it was investigating the matter internally. Cheetah attempted to blame third-party SDKs or ad networks, but Kochava points out the SDK involved in the click fraud is developed by Cheetah Mobile itself. These apps are popular, but I don't think I'm going out on a limb here to say they're all awful even without the shady click fraud. There would be an outcry if Google banished Cheetah Mobile from the Play Store, but maybe that's what it should do if these claims are proven accurate.

UPDATE: 2018/11/28 3:04pm PST BY STEPHEN SCHENCK

Cheetah Mobile has issued a new statement in regards to these allegations. In it, the company both claims impotency as to being technically able to carry out the fraud as described, and further refutes that advertising income sourced through its internal SDK is a major source of revenue.

Separately, Rosen Law Firm has opened an investigation on behalf of Cheetah shareholders into the company's actions and their corresponding impact on stock prices. Previously trading at around $9 a share, following the publication of this report Cheetah Mobile stock dropped as low as $5.42, before partially rebounding up near $6.60. Depending on the outcome of that investigation, a class-action suit may be forthcoming.

Source: Buzzfeed News