Google Recent Report: PPI and PUP

Another industry “game changing” point by Google.

On Thursday, Google released a report (which they will be presenting this week at Usenix in Austin, TX), focusing on PPI networks (bundler practices) which are (presented as) the major cause for an unwanted installs (software, extensions, ad injectors) on an end user (referred to as “victim”) device:

Similar to last year’s report focusing on ad injection, Google published again a research, this time focusing on PPI (bundle) eco-system and the connection to PUP. The report includes special emphasis of deceptive practices used by such networks – and their respective affiliate and promotional tools – to drive many unwanted installs by “victims”.

This time, NYU (ft. Google), based on Safe Browsing data analysis, focusing on what they define as the 4 biggest PPI networks: OutBrows, OpenCandy, InstallMonetizaer and Amonetize.

Many others are mentioned (as part of the eco-system description and tested samples), including ad injectors, affiliate networks, system utilities and installers.

Seems like this report fails to demonstrate (or even mention) that not all PPI networks or practices are bad, and some do drive legitimate downloads of software that consumers want. However, it does imply this (understatement) in 2 points (one, agreed and static bundle, like Java and the Ask toolbar; second, AV and major brands that are found to be distributed by a PPI network, although this statement is later on diluted by the assumption of such brands are likely to be unaware).


Reading the report, it looks as if the next to be targeted by Google would be system utilities and upsell monetization, but that is my assumption.

Feel free to share your thoughts!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *