AppLovin nonconsensual installs
50 comments
·October 14, 2025lukec11
bedelman
lukec11, I would enjoy chatting with you about methods and findings. Send a note? https://www.benedelman.org/mail/
w-ll
ADB can show you what package install'd a package. I've been running a setup but I gernally buy a bunch of the same phone, but after they get wifi they install masive amounts of junk.
OgsyedIE
Are there any apps designed to specifically gate every install, including background OTA installs sent by carriers, because I'm security conscious with my devices but I have family who very much are not.
Ideally, I can just nag my non-tech savvy relatives to let me install such a security app for them and then enjoy having peace of mind for their behalf.
jeroenhd
Not buying a carrier phone or buying an iPhone (which doesn't permit carriers to inject the same type of crap into the device, they can only influence access to certain settings). AppLovin cannot install anything in the background without deep system access, and manual installation of non-Google apps requires confirming at least three popups.
There are antivirus apps on Android that will warn you for this crap, but an antivirus cannot work on an operating system designed to install malware.
taspeotis
Yes: “App Store” on iOS protects you against exactly this.
Nifty3929
The same "walled garden" app store that is much maligned on HN?
Dylan16807
The only walls that need to be in place to prevent this are against malicious carrier app stores. There's no need to restrict users here, which is what people complain about.
Stopping carriers from ruining phones is quite popular on HN from what I've seen.
null
ChrisMarshallNY
Yup.
Geeks don’t like it.
But Apple is a three-trillion-dollar corporation, because most folks aren’t geeks.
margalabargala
Having non-tech-savvy relatives throw out their phones, buy thousand dollar hardware and swap to an operating system they are unfamiliar with is an absolutely terrible solution to the problem.
lukev
It definitely can and should be a factor when choosing what hardware to set your relatives up with in the first place, though.
alfalfasprout
Hyperbole of this comment aside, what else do you suggest then?
It's a fundamental tradeoff between allowing multiple ways for apps to be installed or forcing everything through a single installation workflow (a la iOS and its App Store).
FredPret
Take the hourly billing for those of us who work that way. Multiply by family tech consulting time. It's probably cheaper to buy an iPhone for everyone!
At least this used to be true in the halcyon days when iOS was simple.
colechristensen
On the other hand, iOS is popular because of quality issues like this. Android is only as good as it is because of the competition from Apple.
Before the iPhone you couldn't even get the "cool" phones in America, Japan had so much better things available and everybody envied what wasn't available here.
The reason we have any control from the carriers was the power Apple had and the stubbornness of Jobs.
A lot of the battles being lost by Apple are being won by groups who will make the ecosystem worse.
nicoburns
You could try looking at "MDM" products. They're mostly targeted at corporations, and tend to be server based (OS calls the server directly) rather than on-device apps. But they can do some of these kinds of things.
JumpCrisscross
> could try looking at "MDM" products
TinyMDM at $23/year seems to fit the ticket [1]. (I've never used it and just heard about it today.)
kokada
Modern Android devices now have the "Device Protection" option that does a bunch of things, including disabling side loading. And I think you can enforce this via work profiles too.
rgovostes
How does the platform even allow a single tap on an ad to install an app?
Edit: Discussed somewhat here https://www.benedelman.org/applovin-permissions/. Seems like it's abetted by garbage from the carrier.
Something for iOS to look forward to?
jeroenhd
iOS famously doesn't allow reloading themes or software. It's part of why they struggled to find a carrier to launch with in the beginning, because carriers modifying phones used to be the norm.
There are settings carriers can push to iOS (access to features like tethering, some network configuration stuff) but this type of malware cannot be pushed onto iOS. At worst, carriers push shitty Java applets to the (e)SIM, but that's all sandboxed off from any user interaction.
bedelman
Ben Edelman here, author of the page you linked above and the full article at https://www.benedelman.org/applovin-nonconsensual-installs/ (linked from top of this page). Happy to answer any questions.
lysace
You neglected to mention Google's Android. It's business model that maximizes for reach over everything else is the root cause.
margalabargala
The two options are reach over all else, or control of its customers and overcharging them at every turn over all else.
One is not obviously better than the other, though I'll grant that Apple has managed to get their users to a place where being subjected to them has become a point of pride, which is impressive.
eigen
> The two options are reach over all else, or control of its customers and overcharging them at every turn over all else.
do you have an example of "overcharging them at every turn"? looking at the Google One [1] vs Apple iCloud [2] pricing it seems pretty similar.
------ Google Apple
5 GB: free free
50 GB: N/A $0.99
100 GB:$1.99 N/A
2 TB: $9.99 $9.99
6 TB: N/A $29.99
[1] https://one.google.com/about/plans?hl=en&g1_landing_page=0
byronwrites
Somebody made a song about this. Hah! https://open.spotify.com/track/2sNBdJV7LjV3oxSKnE5kQT
andy
I reported problems about applovin sdk clicking on/opening ads on ios apps like a decade+ ago. have never used them since.
FredPret
AppLovin makes a gargantuan profit margin of 45%:
Even so, I avoid stocks that don't have a sustainable, value-based business model.
JumpCrisscross
> AppLovin makes a gargantuan profit margin of 45%
65% (68^%) net (gross) income margin for Q2 '25 [1]. 44% (54%) net (gross) for Q2 '24.
(Nitpick: I don't love financial dashboards that don't define and date their metrics. For example, what does leverage on that page mean?)
[1] https://www.sec.gov/ix?doc=/Archives/edgar/data/1751008/0001...
bradybd
Quite damning evidence
donsupreme
I really hope Unity gain more mobile gaming ads market shares away from AppLovin.
doctorpangloss
AppLovin has been doing this for a long time. BlueStacks and some other vendors have been doing this for literally a decade.
The root problem is that Google Play is poorly curated. One problem it has is that it ranks apps that have many downloads higher than those with fewer downloads. AppLovin is used to boost downloads for the purposes of the Google Play algorithm.
Of course, this is known to Google.
bedelman
Are you sure BlueStacks installs apps without user consent? I know BlueStacks as an emulator to play Android games on PC and Mac. That's a legitimate business, 100% consistent with what users want. Versus what I (author of the piece linked above) reported is that AppLovin is installing apps that users don't want -- installing silently, installing when users tap X, installing after a quick (5 second) countdown.
like_any_other
> Why would Samsung, T-Mobile, and others grant AppLovin the ability to install apps?
Exotica like Fairphone and PinePhone are starting to look pretty good...
agambrahma
Sorry, couldn't help myself
I looked through the AppHub APK last year after a friend told me they'd found unknown apps installed on their flagship Samsung, and I was very surprised to find some of the same "direct download" references you did.
I've known for a long time that T-Mobile shipped junk apps upon initial setup, but seeing them loaded OTA after a single click on an ad (even a few pixels off of the "x" button) is very concerning. Even putting aside the moral issues with practices like this, that's a huge security hole in a very large percentage of Android phones.