San Francisco — Facebook has sued two Asia-based developers for allegedly planting malware on Android apps that robotically clicked on ads to inflate revenue.

Through a practice known as “click injection fraud”, one of the apps generated more than 40-million ad impressions and 1.7-million clicks through Facebook’s Audience Network over a three-month period at the end of 2018, according to a complaint filed in San Francisco federal court on Tuesday.

Facebook has come under intense scrutiny over the use of private data and the impact of harmful content on its more than 2-billion users, with governments around the world challenging its policies. The company, meanwhile, is fighting back against commercial exploitation of its social networks. It’s suing firms in China and New Zealand, accusing them of artificially inflating “likes” and “followers” on Instagram accounts.

The developers named in Tuesday’s suit are JediMobi Tech of Singapore and Lionmobi Holding of Hong Kong. JediMobi made the maths app Calculator Plus; Lionmobi, the utility program Power Clean.

“Lionmobi has long adhered to the Facebook advertising policy and has never obtained any illegal income by so-called click injection fraud on the Facebook platform,” the developer said in an e-mailed statement to Bloomberg, adding that it generates app revenue from third-party software development kits common to mainstream ad platforms.

The company said it became aware in December that some of the software development kits on its apps “may lead to violations of policy” and that they have since been removed. Lionmobi said its monetising income on Facebook has been dropping every month since the end of 2017, and that Facebook terminated its co-operation with the developer on December 24, halting all income.

A representative for JediMobi didn’t immediately respond to requests for comment.

Facebook alleges the malicious code was installed onto people’s mobile phones through the apps. “At times, the malware was delivered in the form of ‘updates’ to the apps and, after October 2018, the malware was included directly in the apps,” according to the complaint.

Facebook says it discovered the phony ad clicks in December and disabled the apps and banned the developers from the network. It also said it repaid advertisers who paid for phony clicks.

Facebook is seeking unspecified damages and restitution.

With Joel Rosenblatt