AppLovin Appears to Be Installing Apps That People Don't Want Via Some Questionable Ad Practices
The Wall Street darling keeps having to answer questions
Despite a booming business - AppLovin has had a bit of a rough year.
The mobile ad tech company has been accused of all sorts of improprieties over the past several months, including a bombshell report from a short-seller, followed by several others - all of which sent its stock plunging last spring.
While the mobile app ad company has since rallied, posting a whopping 77% jump in revenue in Q2, here’s another potential blemish on its reputation.
Noted ad fraud expert Ben Edelman says he’s been tracking some highly suspect behavior from AppLovin for a while. Edelman is a former Harvard professor who was my go-to for a series of stories I wrote on shady ad tech practices for several years.
Edelman said he was contracted by a group of short-sellers earlier this year to look into the scale of AppLovin’s business (the company’s market cap is nearly $150 billion - more than double that of The Trade Desk). Since that contract ended, Edelman has continued his own investigation, and says he has collected reams of code that - in conjunction with a multitude of user complaints and various public statements from employees - he believes points to AppLovin installing ads on people’s phones without their knowledge, through mobile ads.
Media buying today? Complicated. Fragmented. Risky.
That’s why EX․CO created Mastering the Multiscreen Mix—a field-tested playbook built for brands and agencies who want to make better decisions across screens. Learn where the waste is, what actually works, and how to maximize your ROI across CTV, DOOH, and digital video. It’s your cheat code for the multiscreen world—get the guide now.
Edelman says he found evidence that this was occurring on Samsung, T-Mobile, TCL, RealMe and other Android devices. Here’s how it works:
It appears that AppLovin has a relationship with these carriers and device manufacturers to run a "out-of-box experience" for them. This practice - sometimes referred to as ‘direct download’- isn't necessarily nefarious; it's common for device makers to work with third parties to add apps to new phones. Sometimes these are basic or standard apps, like Uber or Facebook. Edelman likened this to when a person buys a new computer, and it already has apps such as Skype or Norton antivirus software, pre-installed. Sometimes these are apps that are really only there because their makers pay to get them put there.
To do this, AppLovin appears to have the technical ability to install apps on users' Android phones without having to go through Google Play. Again, that’s not necessarily wrong, unless it is abused. According to AppLovin’s privacy policy, users are the ones choosing to install apps on such devices: “Direct Download, which facilitates the on-device installation of mobile apps that you choose to download through the Array Services”
However, Edelman believes the evidence he’s collected to date points to apps being installed that go beyond the basics - and this happens when people are simply playing a mobile game that AppLovin monetizes with ads.
In some cases, Edelman said that users are seeing apps end up on their phones, without their knowledge or consent - through accidentally clicking on an ad. The games include “Save the Girl” and “Coin Master.”
To Edelman, this is not what users expect, especially considering that the Google Play Store installation confirmation screen is supposed to be required before an app can begin to install.
“When I first started looking at it, my first thought was how stupid the games were, and how stupid the ads were,” Edelman said. “They way they were designed, they were not serious games, and all you saw were ads for other games. AppLovin talks up it’s eCommerce business, but you don’t see it.”
“It didn't seem like the work of a company [valued this high]. It didn't look real.”
As Edelman noted, some of the language featured in the code he found even refers to a “silent install.”
In com.applovin.array.apphub.tmobile_1.17.2-1017002_minAPI29(nodpi)_apkmirror.com.apk, see class TmobileSilentInstallManager. “Silent install”
Officials from AppLovin ignored multiple requests for comment. Samsung and others declined my requests as well.
A T-Mobile rep said: “AppLovin does not pre-install any mobile apps on T-Mobile devices or install apps without our customers’ consent. We work with AppLovin to enable a mobile advertising experience with strict ad guidelines, and customers choose which apps they’d like to install.”
I am not going to pretend that I looked at the reams of code Edelman shared with me and completely understood what it revealed. So I asked him to explain how it worked as best as he could:
Edelman said he purchased several test devices, including a new T-Mobile phone, as well several used devices from Amazon and eBay. He tested them, installing certain apps he believed were able to trigger the unwanted installations of other apps. He also inspected what APK files were present on each device. APKs (Android Package Kits) are the bundles used to install apps onto Android OS.
He then studied the various permission claimed by each pre-loaded game through these APKs settings on each device, and used his own tools to examine the source code of various apps.
He then studied the various permission settings on each device, and used his own proprietary tools to see examine the source code of various apps.
Then, on these phones, Edelman began playing games, several of which delivered multiple ads - typically for other mobile games. In almost all cases, the ads took over Edelman’s screen, requiring him to wait, then press a ‘next’ button, then wait another few seconds before ‘x-ing’ out of the ad.
“That X is easy to miss,” he said. “My diagnosis is that these cause the user to tap on ads, and then provide the authorization to install games without their knowledge.”
To be sure, people who experience these sort of installs can delete the games. If they were to look through their app settings, these games would not be listed as coming through the Google Play store, but rather through “Apphub” or via that carrier in question.
I ran Edelman’s code and research past several mobile ad experts. As you might imagine, many did not want to touch it. One mobile ad insider said he was unable to tell whether this code was part of a legitimate direct download relationship. Others concurred with Edelman.
“This definitely looks like AppLovin is engaging in, participating in, or just benefitting from, zero-click installs with preloaded apps that have elevated permissions,” said Shailin Dhar, founding partner of Method Media Intelligence. “Essentially adtech being used like malware.”
It’s very hard to know just how big a deal all this is. Could shady app installs account for a hundred billion dollar business? My guess is no.
“While the world is full of low-end devices and unsophisticated smartphone users, the scale of this problem in the wild can be debated to the end of time unless there is a serious audit into the company and its attributed installs,” said Dhar.
AppLovin CEO Adam Foroughi has told analysts that its “direct download business was never a major growth revenue driver.”
“Every download results from an explicit user choice—whether via the App Store or our Direct Download experience.” Yet it raises the question, why bother at all with this stuff, if you eCommerce plans and overall mobile ad business are strong? Or is there a more reasonable explanation for what Edelman has been tracking?
Curiously, there are examples of AppLovin employees talking up how important direct downloads are on Linkedin.
One ad industry insider mentioned that AppLovin, through MoPub, has long been a partner of Meta - which could be a large revenue driver. The short-seller Muddy Waters accused AppLovin of extracting user-IDs from Meta earlier this year.
Regardless, there are numerous examples of Android consumers complaining about getting mysterious apps on their phones via AppHub
“Can anyone help me? My phone is randomly installing apps from this AppHub which I can't find in the settings”
“Recent update just pumped it onto my phone and without me allowing it, it's going through and installing dozens of pos mobile games. It's invisible to the user and cannot be disabled or uninstalled.”
“Does anyone else seem to have apps downloaded to their device after playing Wordscapes? I seem to have some of the apps on my phone now that appear in the ads, but did not download them.”
Edelman has a long history of uncovering ad fraud. I asked him why he’s continued this pursuit, even though his short-seller contract ended.
“I have a personal interest in this,” he said. “I want to make phones the secure and excellent space they should be. And I like a fair fight.”
Edelman said he felt for AppLovin’s competitors, as well as average joes who might end up with phones littered with apps they don’t want.
“Some of the comments on Reddit are heartbreaking,” he said. “For some people, having to replace a thousand-dollar phone could mean they are spending money on that rather than Christmas presents.”