The Frightening Difference Between the Google Play Store and Apple’s App Store

Watchdog agency HUMAN found that both the Google Play Store and Apple Store contain numerous fraudulent apps, but the number on the Google Play Store far exceeds the amount detected on the Apple App Store.

By Gabriella Acuna | Published

Ad fraud has invaded both the Google Play Store and the Apple App Store. HUMAN’s Satori Threat Intelligence team identified 85 apps between the Google Play Store and the App Store. Ten apps with fraudulent ads were found in the App Store and 75 were found in the Google Play Store, signaling that Google Play Store users should be just a bit more careful when downloading any apps.

Ad fraud can be a broad term, but in this instance, ad fraud works by “‘impersonating legitimate apps and impressions’ for monetary gain,” states an article from 9to5mac.com. The ad fraud campaign in question is called “Scylla,” whose predecessor “Poseidon” was another campaign that launched a similar attack discovered in August 2019 that resulted in more than 40 Android apps on the Google Play Store with ad fraud. Researchers had also identified a previous threat before that called “Charybdis” in 2020, and all three are believed to come from the same source. 

Researchers at HUMAN found that Scylla has proven to be a more advanced version of Poseidon. Scylla engages in App and Bundle ID spoofing, which involves imitating other apps and creating fake bundle IDs in order to trick advertisers and ad tech companies into using their platform for ads or for a spot in their app store, like the Google Play Store or Apple App Store. Poseidon wasn’t as successful in “hiding” its malicious activity, and this is where Scylla excels. 

The spoofed apps use a bundle ID different from their actual name in an attempt to mislead companies and make money off of them, hence how they can up in places like the Google Play Store. They also evade fraud detection by regularly switching their fake bundle IDs. The researchers at HUMAN looked into 29 Scylla apps and found that they had copied 6,000 CTV-based apps, which are overall more expensive for companies to advertise on. 

Scylla is also responsible for other types of online fraudulent activities such as Out of Context ads, which are ads that appear where they shouldn’t, such as on the home screen of your phone. Scylla works by using a special code that causes ads to pop up even if the app isn’t open. Hidden ads, another Scylla tactic, consist of sneaky ads that generate false viewing metrics, which helps to mislead advertisers. 

google play store apple app storeUber GoDaddy cybercriminals

Another fraud tactic Scylla uses is fake clicks. Much like the altered viewing metrics, fake clicks give the impression that an ad is getting more clicks than it really is. Scylla apps use real click information and resend it to advertisers as an additional click in order to increase their profits. 

The ads themselves aren’t a threat to users’ devices, but the apps that the ads promote could possibly leave devices at risk. Through the affected apps found within the Google Play Store and Apple App Store, users are constantly exposed to fraudulent ads in an effort to get them to click on them. Once a user downloads one of the spoofed apps, they can become targets for other types of malware that can cause more havoc. 


The researchers from the security team already notified both Google and Apple about the apps with the deceptive ads, and both companies removed them from their stores. It is recommended that you delete the apps from your phone if you downloaded any of the afflicted ones. A list of those apps is available on HUMAN’s website.