Unacceptable: AdMob auto redirects user to Play Store page of CM Security app

[Sébastien Leclerc]

I have been receiving many complaints from Android users of my app over the past few days.

They are redirected periodically and automatically to the Play Store page of app com.cleanmaster.security , even if they don't touch the AdMob banner.

I have been impacted by similar problems in the past, but it was with lousy ad networks.
Now AdMob is giving me trouble too...

The worst thing is that they don't seem to want to fix the issue quickly, as I have had no news since I opened a ticket with AdMob support last week.

Identifying and banning the advertisers responsible for this fraud should be easy as I have been enable to collect some logcat (see below).

Is anybody impacted by this issue ?

What do the good AdMob engineers that hang around here think of this and why it is possible in the first place ? Shouldn't the AdMob backend or SDK block the kind of Javascript that simulates clicks or tries to redirect users?


logs (edited to remove my publisher id):


10-26 22:12:19.006 I/Ads     ( 2992): Trying mediation network:
10-26 22:12:19.011 I/Ads     ( 2992): Instantiating mediation adapter: com.google.ads.mediation.admob.AdMobAdapter
10-26 22:12:19.046 I/Ads     ( 2992): Starting ad request.
10-26 22:12:19.121 W/ResourceType( 2992): Failure getting entry for 0x01080ace (t=7 e=2766) (error -75)
10-26 22:12:19.126 W/art     ( 2992): Attempt to remove local handle scope entry from IRT, ignoring
10-26 22:12:19.131 W/AwContents( 2992): onDetachedFromWindow called when already detached. Ignoring
10-26 22:12:19.141 W/art     ( 2992): Attempt to remove local handle scope entry from IRT, ignoring
10-26 22:12:19.141 W/art     ( 2992): Attempt to remove local handle scope entry from IRT, ignoring
10-26 22:12:19.211 W/cr.BindingManager( 2992): Cannot call determinedVisibility() - never saw a connection for the pid: 2992
10-26 22:12:19.221 D/ViewRootImpl( 2992): ViewPostImeInputStage ACTION_DOWN
10-26 22:12:19.996 I/Ads     ( 2992): JS:  [  0.013s] [studio.sdk]  (https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js:94)
10-26 22:12:19.996 I/chromium( 2992): [INFO:CONSOLE(94)] " [  0.013s] [studio.sdk] ", source: https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js (94)
10-26 22:12:20.021 I/Ads     ( 2992): JS:  [  0.043s] [studio.sdk]  (https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js:94)
10-26 22:12:20.021 I/chromium( 2992): [INFO:CONSOLE(94)] " [  0.043s] [studio.sdk] ", source: https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js (94)
10-26 22:12:20.081 I/Ads     ( 2992): Ad finished loading.
10-26 22:12:20.081 I/Ads     ( 2992): Scheduling ad refresh 60000 milliseconds from now.
10-26 22:12:20.086 I/Ads     ( 2992): Ad finished loading.
10-26 22:12:20.116 W/chromium( 2992): [WARNING:web_contents_impl.cc(2990)] https://googleads.g.doubleclick.net ran insecure content from http://unionpromoadvise.com/cl.php?id=4
10-26 22:12:20.116 W/Ads     ( 2992): JS: Mixed Content: The page at 'https://googleads.g.doubleclick.net/' was loaded over HTTPS, but requested an insecure resource 'http://unionpromoadvise.com/cl.php?id=4'. This content should also be served over HTTPS. (https://googleads.g.doubleclick.net/:0)
10-26 22:12:20.116 I/chromium( 2992): [INFO:CONSOLE(0)] "Mixed Content: The page at 'https://googleads.g.doubleclick.net/' was loaded over HTTPS, but requested an insecure resource 'http://unionpromoadvise.com/cl.php?id=4'. This content should also be served over HTTPS.", source: https://googleads.g.doubleclick.net/ (0)
10-26 22:12:20.746 W/chromium( 2992): [WARNING:web_contents_impl.cc(2990)] https://googleads.g.doubleclick.net ran insecure content from http://tracking.lenzmx.com/click?mb_pl=android&mb_nt=cb6161&mb_campid=myntra1_in&aff_sub=IN4
10-26 22:12:20.746 W/Ads     ( 2992): JS: Mixed Content: The page at 'https://googleads.g.doubleclick.net/' was loaded over HTTPS, but requested an insecure resource 'http://tracking.lenzmx.com/click?mb_pl=android&mb_nt=cb6161&mb_campid=myntra1_in&aff_sub=IN4'. This content should also be served over HTTPS. (https://googleads.g.doubleclick.net/:0)
10-26 22:12:20.746 I/chromium( 2992): [INFO:CONSOLE(0)] "Mixed Content: The page at 'https://googleads.g.doubleclick.net/' was loaded over HTTPS, but requested an insecure resource 'http://tracking.lenzmx.com/click?mb_pl=android&mb_nt=cb6161&mb_campid=myntra1_in&aff_sub=IN4'. This content should also be served over HTTPS.", source: https://googleads.g.doubleclick.net/ (0)
10-26 22:12:21.021 I/Ads     ( 2992): JS:  [  1.045s] [studio.sdk] Using default ad parameters in test environment. Simulating local events. (https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js:94)
10-26 22:12:21.021 I/chromium( 2992): [INFO:CONSOLE(94)] " [  1.045s] [studio.sdk] Using default ad parameters in test environment. Simulating local events.", source: https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js (94)
10-26 22:12:21.026 I/Ads     ( 2992): JS:  [  1.045s] [studio.sdk] Using default ad parameters in test environment. Simulating local events. (https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js:94)
10-26 22:12:21.026 I/chromium( 2992): [INFO:CONSOLE(94)] " [  1.045s] [studio.sdk] Using default ad parameters in test environment. Simulating local events.", source: https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js (94)
10-26 22:12:22.006 W/Ads     ( 2992): JS: Mixed Content: The page at 'https://googleads.g.doubleclick.net/' was loaded over HTTPS, but requested an insecure resource 'market://details?id=com.myntra.android&referrer=apsalar_clid%3DjDBf7fwyrGF5SoIrq6KUPwEKNdKaTWuvsNWamqGZMtfJNUD885Yxoh97LLtfHe-a1SYalQksoInlnY1s4j0tP5mkp7HVRkm-M_qoy3jB9yomEM1P_9exsdAtTZwRLHTcSeVzLUFxetZ-nkDCEr50NAP4XyqFnss6K4CowtOYkNvUQ7YT9K1HyJcL-XoLkrvd66dDHWjCbKbRyI2K4jWtTVszzyzAPT4-AVx818PvV8ZX_lzFktL9RgOQgDXc5fzb-azt2raCM-8vkbczbzm8Ow'. This content should also be served over HTTPS. (https://googleads.g.doubleclick.net/:0)
10-26 22:12:22.006 I/chromium( 2992): [INFO:CONSOLE(0)] "Mixed Content: The page at 'https://googleads.g.doubleclick.net/' was loaded over HTTPS, but requested an insecure resource 'market://details?id=com.myntra.android&referrer=apsalar_clid%3DjDBf7fwyrGF5SoIrq6KUPwEKNdKaTWuvsNWamqGZMtfJNUD885Yxoh97LLtfHe-a1SYalQksoInlnY1s4j0tP5mkp7HVRkm-M_qoy3jB9yomEM1P_9exsdAtTZwRLHTcSeVzLUFxetZ-nkDCEr50NAP4XyqFnss6K4CowtOYkNvUQ7YT9K1HyJcL-XoLkrvd66dDHWjCbKbRyI2K4jWtTVszzyzAPT4-AVx818PvV8ZX_lzFktL9RgOQgDXc5fzb-azt2raCM-8vkbczbzm8Ow'. This content should also be served over HTTPS.", source: https://googleads.g.doubleclick.net/ (0)
10-26 22:12:22.006 I/Timeline( 2992): Timeline: Activity_launch_request id:com.lulo.scrabble.classicwords time:166920622
10-26 22:12:22.021 D/__DEBUG__( 2992): onPause

[Vu Chau (MobileAds SDK Team)]

Hi Sébastien,

Thanks for getting in touch with us regarding this.  Since you are using mediation, ads served to your app come from multiple sources in addition to AdMob.  While there have been incredible efforts in reviewing and quality-checking the creatives, in the end they are under the control of the third-party networks.  The SDK is only mediating and sending your requests out to those based on the their ordering in your mediation stack.  Issues like bad creatives happen because they are specific to the creatives and the way they are designed, rather than being SDK-originated.

If you know the name of the mediated network (either via Charles or getMediationAdapterClassName()) that serves ads that redirect users, keep in mind that you can always block them in your mediation settings (available on the AdMob's web interface).

Let us know if you have additional questions,

Vu Chau

Mobile Ads SDK Team

[Sébastien Leclerc]

@Vu.

I am posting here because I *know* that the auto-redirect banner comes from AdMob.

It is visible in the logs: "10-26 22:12:19.011 I/Ads     ( 2992): Instantiating mediation adapter: com.google.ads.mediation.admob.AdMobAdapter"

Besides, I have already set-up filters to block the "anti-virus" category, derfowo.com URL and com.cleanmaster.security app.

As I predicted, this had NO effect, the policy-violating is STILL running.

This is why I urge AdMob to take measures to block or ban the buyer/advertiser who created the campaign.

--

---
You received this message because you are subscribed to a topic in the Google Groups "Google Mobile Ads SDK Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-admob-ads-sdk/xKTRczfSwxs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-admob-ads...@googlegroups.com.
To post to this group, send email to google-adm...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Vu Chau (MobileAds SDK Team)]

Hi Sébastien,

Thanks for clarifying, and we understand your concern in this case.  If you wish, feel free to flag this campaign and bring it to the attention of the product support team.  

Best,

Vu Chau

Mobile Ads SDK Team

To unsubscribe from this group and all its topics, send an email to google-admob-ads-sdk+unsub...@googlegroups.com.
To post to this group, send email to google-admob-ads-sdk@googlegroups.com.

[Bartosz Andraczek]

Hello,

I have the same issue.

Upon start the app, after few seconds and periodically also later the Google Store is automatically opened with this apk: 

https://play.google.com/store/apps/details?id=com.ijinshan.kbatterydoctor_en

I see many warnings in the console like this:

11-02 15:56:36.692 13677-13677/com.binteraktive.kniffel.live W/chromium: [WARNING:web_contents_impl.cc(3071)] https://googleads.g.doubleclick.net ran insecure content from http://derfowo.com/click.php?c=112

11-02 15:57:09.000 13677-13677/com.binteraktive.kniffel.live W/Ads: JS: Mixed Content: The page at 'https://googleads.g.doubleclick.net/' was loaded over HTTPS, but requested an insecure resource 'http://global.ymtracking.com/trace?offer_id=104487&aff_id=30412'. This content should also be served over HTTPS. (https://googleads.g.doubleclick.net/:0)

11-02 15:57:09.150 13677-13677/com.binteraktive.kniffel.live I/chromium: [INFO:CONSOLE(0)] "Mixed Content: The page at 'https://googleads.g.doubleclick.net/' was loaded over HTTPS, but requested an insecure resource 'http://app.appsflyer.com/com.ijinshan.kbatterydoctor_en?pid=yeahmobi_int&clickid=fec3820d3-9819-b61b-7486bb96c5ddd90b78d19d71be39442fc3776f8059d0007&af_siteid=30412&af_sub1=30412&af_sub2=30412&referrer=utm_source%3D10000191'. This content should also be served over HTTPS.", source: https://googleads.g.doubleclick.net/ (0)

All leads to the battery doctor app.

I Have blocked all above domains and the apk id but it doesn't help.

[Vu Chau (MobileAds SDK Team)]

Hi Bartosz,

Please fill out the Mediation Issues form.  The product support team will want to investigate the issue at the server level.

Thanks,

Vu Chau

Mobile Ads SDK Team

[Bartosz Andraczek]

Hi Vu,

The problem seems to be solved since couple of hours. All ads in our products seem to work good now.

I think Admob must have fixed something because we don't observe any warnings in the console any more.

Cheers,

Bartosz Andraczek

CTO b-interaktive

[Asim Pereira]

Hi,

We have started facing this problem recently.

App randomly open the Play Store to a certain App (com.makemytrip). This occurs even if you are in a different screen which has no banner Ads.

The problem is so bad that sometimes the Play Store Ad opens up every 5 minutes or so.

W/Ads     ( 5701): JS: Mixed Content: The page at 'https://googleads.g.doubleclick.net/mads/gma' was loaded over HTTPS, but requested an insecure resource 'market://details?id=com.makemytrip&referrer=mat_click_id%3D162f8d16ed73eb237cdae030d68b5628-20151119-9864'. This content should also be served over HTTPS. (https://googleads.g.doubleclick.net/mads/gma:0)

I/chromium( 5701): [INFO:CONSOLE(0)] "Mixed Content: The page at 'https://googleads.g.doubleclick.net/mads/gma' was loaded over HTTPS, but requested an insecure resource 'market://details?id=com.makemytrip&referrer=mat_click_id%3D162f8d16ed73eb237cdae030d68b5628-20151119-9864'. This content should also be served over HTTPS.", source: https://googleads.g.doubleclick.net/mads/gma (0)

I/ActivityManager(  913): START u0 {flg=0x10000000 cmp=com.nexm.chessfan/com.google.android.gms.ads.AdActivity (has extras)} from uid 10671 on display 0

V/WindowManager(  913): addAppToken: AppWindowToken{282abea9 token=Token{387b0230 ActivityRecord{24b19373 u0 <ourappspackage>/com.google.android.gms.ads.AdActivity t10331}}} to stack=1 task=10331 at 1

I/Ads     ( 5701): Ad opening.

I/ActivityManager(  913): START u0 {act=android.intent.action.VIEW dat=market://details?id=com.makemytrip&referrer=mat_click_id=162f8d16ed73eb237cdae030d68b5628-20151119-9864 cmp=com.android.vending

What has gone wrong with Admob. I do not even have any 3rd party Ads providers in my mediation stack.

Regards,

Asim

[Vu Chau (MobileAds SDK Team)]

Hi Asim,

Thanks for getting in touch.  This seems to be a creative-specific issue, where the creative's JS is automatically triggering the clickthrough. 

Would you be able to send across the ad unit ID in question (if you are using the SDK)?  If so, are you able to recreate this scenario in our sample app?

Vu Chau

Mobile Ads SDK Team

[Asim Pereira]

Hi Vu,

Thanks for your quick response.

Could you please explain what you mean by "creative-specific issue"?

These are the two Apps in which I observed this problem yesterday. (ca-app-pub-2928018827463150/6590823828 and ca-app-pub-8559841769794890/3945001031). Please note these are linked to two different accounts, but one is a personal account and other is linked to my Startup.

For now I have blocked that App via Admob, and have not seen the issue this morning, though not sure that is really the reason.

This and past experiences have brought us to the point where are are seriously contemplating stopping all Ads in our Apps even if that means we have to give up the revenue. Its just bad experience for the App user and we have also got some 1* ratings where user thinks their device is infected with a virus!

This is so bad, that my calendar has an entry to review the Ads in Admob Ad review center every Fri/Sat. You may notice it from my account (18 blocked Advertiser urls, 19 blocked Apps and maybe 500+ blocked Ads/Adwords accounts.)

I am very surprised that Google/Admob with all its tech/machine learning might, have not been effectively able to address this issue.

Regards,

Asim

--

---
You received this message because you are subscribed to a topic in the Google Groups "Google Mobile Ads SDK Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-admob-ads-sdk/xKTRczfSwxs/unsubscribe.

To unsubscribe from this group and all its topics, send an email to google-admob-ads...@googlegroups.com.
To post to this group, send email to google-adm...@googlegroups.com.

[Vu Chau (MobileAds SDK Team)]

Hi Asim,

Thanks for the information!

By "creative-specific issue", I meant the issue might happen due to one creative but not another.  Reasons include creative-specific design, its ad network (in the case of mediation), and operations it's configured to do, among others. 

Having tested with the ad unit IDs you provided and giving them a couple of minutes to refresh, I see that they are app install ads.  However, I haven't seen any of them triggering the Play Store to open another app yet.  Are you able to see this behavior on your own devices? Are the banner ad and your app content overlapping each other, causing the ad to mistake neighboring taps and trigger the clickthrough?  

Vu Chau

Mobile Ads SDK Team

On Thursday, November 19, 2015 at 8:27:34 PM UTC-5, Asim Pereira wrote:

Hi Vu,

Thanks for your quick response.

Could you please explain what you mean by "creative-specific issue"?

These are the two Apps in which I observed this problem yesterday. (ca-app-pub-2928018827463150/6590823828 and ca-app-pub-8559841769794890/3945001031). Please note these are linked to two different accounts, but one is a personal account and other is linked to my Startup.

For now I have blocked that App via Admob, and have not seen the issue this morning, though not sure that is really the reason.

This and past experiences have brought us to the point where are are seriously contemplating stopping all Ads in our Apps even if that means we have to give up the revenue. Its just bad experience for the App user and we have also got some 1* ratings where user thinks their device is infected with a virus!

This is so bad, that my calendar has an entry to review the Ads in Admob Ad review center every Fri/Sat. You may notice it from my account (18 blocked Advertiser urls, 19 blocked Apps and maybe 500+ blocked Ads/Adwords accounts.)

I am very surprised that Google/Admob with all its tech/machine learning might, have not been effectively able to address this issue.

Regards,

Asim

To unsubscribe from this group and all its topics, send an email to google-admob-ads-sdk+unsub...@googlegroups.com.
To post to this group, send email to google-admob-ads-sdk@googlegroups.com.

[Asim Pereira]

Hello Vu,

The issue occurred today as well and this time it was for UC Browser Mini (eventually I disabled that one too).

Yes all of them open up the Play Store app to that particular App's page.

Even if the device is on the table with my hands in the pocket, it arbitrarily opens up the Play Store page (whilst my App is in the foreground). Yes me and my team member has seen this behavior on our personal devices.

It does not happen at all times, but when it does occur, it just shows up those Ads (play store page) multiple times in a matter of minutes (without even touching anywhere on the screen!!).

Regards,

Asim

On Fri, Nov 20, 2015 at 9:54 PM, Vu Chau (MobileAds SDK Team) <mobileadssd...@google.com> wrote:

Hi Asim,

Regards,

Asim

To unsubscribe from this group and all its topics, send an email to google-admob-ads...@googlegroups.com.
To post to this group, send email to google-adm...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

---
You received this message because you are subscribed to a topic in the Google Groups "Google Mobile Ads SDK Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-admob-ads-sdk/xKTRczfSwxs/unsubscribe.

To unsubscribe from this group and all its topics, send an email to google-admob-ads...@googlegroups.com.
To post to this group, send email to google-adm...@googlegroups.com.

[Vu Chau (MobileAds SDK Team)]

Hi Asim,

Thanks again for the details.  I understand your concern, and I will relay the experience to the rest of the team.  In the mean time, let us know if you continue seeing the issue in our sample app and/or with other ad units.

Vu Chau

Mobile Ads SDK Team

On Friday, November 20, 2015 at 11:54:23 AM UTC-5, Asim Pereira wrote:

Hello Vu,

The issue occurred today as well and this time it was for UC Browser Mini (eventually I disabled that one too).

Yes all of them open up the Play Store app to that particular App's page.

Even if the device is on the table with my hands in the pocket, it arbitrarily opens up the Play Store page (whilst my App is in the foreground). Yes me and my team member has seen this behavior on our personal devices.

It does not happen at all times, but when it does occur, it just shows up those Ads (play store page) multiple times in a matter of minutes (without even touching anywhere on the screen!!).

Regards,

Asim

Regards,

Asim

To unsubscribe from this group and all its topics, send an email to google-admob-ads-sdk+unsub...@googlegroups.com.
To post to this group, send email to google-admob-ads-sdk@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

---
You received this message because you are subscribed to a topic in the Google Groups "Google Mobile Ads SDK Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-admob-ads-sdk/xKTRczfSwxs/unsubscribe.

To unsubscribe from this group and all its topics, send an email to google-admob-ads-sdk+unsub...@googlegroups.com.
To post to this group, send email to google-admob-ads-sdk@googlegroups.com.