Hello everyone!

I'd like to divert your attention from actual development issues for a
moment, in order to make you aware of a troubling development that affects
everyone who uses Admob advertisements in their programs, and everyone who
uses these programs.

I'm an active member on a German Android forum, and a number of threads have
cropped up highlighting a number of mobile phone ringtone/horoscope type
scams, which are apparently using Admob in combination with malicious apps
to charge users for services they never ordered or agreed to.

For German speaking readers (or people who actually understand what comes
out of Google Translate), here are the original threads:

http://www.android-hilfe.de/smalltalk-offtopic/26555-achtung-abzocke-blinkogold-de.html
http://www.android-hilfe.de/android-apps/31470-vorsicht-bei-app-werbung.html


The problem:

Apparently the ads in question are regular Admob-ads. Click on them, and
usually you'll get pushed into the browser onto a page where this dubious
"Blinkogold" company tries to sell you horoscopes, ringtones and stuff like
that. While this is already a little dubious, it's no worse than the ads on
MTV here in Germany, and seems to be accepted as the norm. Whether or not it
should be, is a completely different topic.

The problem here, however, is that a few users are reporting that they're
getting SMS along the lines of "Welcome to your Blinkogold horoscope
subscription! Your horoscope for the week is xxxxxxx, you've been billed for
2,99€ for this SMS. To cancel please visit *link*."

Now, aside from the fact that a) the 3€ are charged to the phone bill pretty
much no matter what the user does from this point on, and b) cancelling is a
major hassle because the links don't work properly (obviously a ploy to make
cancelling more difficult - the "real" cancellation link can be found on the
Blinkogold homepage somewhere, hidden nicely so that it's really hard to
find), we have an even more troubling development:

This behaviour has appeared consistently in certain apps, and only these
certain apps. For instance:

World Cup 2010-FotMob

The users are adamant about having only clicked on the Admob banner - and
DEFINITELY not having sent any type of confirmation SMS to confirm their
purchase/subscription (which is, obviously, a requirement - because a] how
else would they know what number to bill [pure IP connection up until now,
right?] and b] an actual SMS or phone call initiated by the user seems to be
a requirement by law for selling this kind of stuff via phone bill here in
Germany).

If these users aren't exaggerating, we have a big problem: If they didn't
send the SMS, the app must have. This is unlikely, since AFAIK, the apps
don't have the relevant permissions to send SMS.

Another user (or rather, developer - he clicked on the Admob banner in his
own program, here:
http://www.android-hilfe.de/android-apps/31470-vorsicht-bei-app-werbung-6.html#post366043),
in a far more likely scenario, said that he was pushed into the browser when
he clicked on the banner, and two clicks on the homepage later, he was in
his SMS-app, with a preformulated SMS ready to send to Blinkogold, ready to
incur costs of 3€ a week for an indefinite amount of time.

With the inaccuracy of capacitive touchscreens, and their tendency to
"click" on items without the user actually intending to do anything, this
type of behaviour in web sites (and the Admob banners that link to them) is
quite troubling. It's easy to imagine a user clicking on the banner and then
ending up with a subscription without any further user interaction than
having a finger resting on the edge of the touchscreen (this is probably the
reason why the iPad is 50% bezel, but that's another topic :P).

Now, the obvious question here is: What can we do about it? First of all, we
need to narrow down how this is happening. I'm assuming a combination of
user error and greed on the part of Admob - the actual transactions taking
place appear (at least on the surface) to be legal here in Germany, and a
minimal amount of user interaction is PROBABLY (it's unlikely that there was
truly no user error involved at all) required in order for this to work.

However, from my point of view, the amount of user action required for
subscription to these services is not sufficient, which would lead me to
classify the service in question as a scam. And scams that prey on
unsuspecting users and then charge them through their phone bill (something
we, as end users, have surprisingly little control over) are something we
definitely DON'T want on Android. Therefore, assuming the reports are at
least 50% correct and not so embellished that they're outright lies, we
should be finding a way to remove Blinkogold (and other dubious advertisers)
from Admob and any other sources Android uses for in-app advertisement (are
there any others?).

This is where all you developers come in: How do we proceed? I'm assuming a
single complaint lodged with Admob will be shrugged off easily, considering
the amount of money at stake. Possibly it would be more effective to contact
Google itself (a chance to prove themselves once again in their "Do no
evil!" stance) and have them take care of it. Maybe a few Google employees
will read this post and know where to go from here.

If you have any ideas on how to proceed, or information about the
technicalities concerning the methodology used by Blinkogold (and similar
"services") to trap unsuspecting Android users, please chime in!

Kind regards from Germany and the members of android-hilfe.de, and thanks
for reading!

-- 
Simon Broenner
