The file manager trusted by millions, until Google stepped in.

Not knowing what your app is doing behind the scenes

ES File Explorer was once a go-to utility on Android. A clean, capable file manager that helped users organise, move and share content on their devices. It had over 100 million downloads and a strong reputation for reliability. It seemed like the kind of app that would always have a place on the Play Store. Then Google found out what was happening in the background.

When trust unravels without warning

The app’s parent company, DO Global, had been running ad-clicking scripts behind the interface. These scripts were generating revenue by tapping ads without the users’ permission. The developers said they didn’t know it was happening. They launched an internal investigation, and they issued a statement. But by that point, the damage had already been done. In April 2019, Google removed ES File Explorer – along with dozens of other apps from DO Global – from the Play Store.

There was no formal review or second chance. The apps were removed, distribution was lost, and the brand behind them faded almost instantly.

The issue wasn’t what users saw. It was what they didn’t.

The app worked well on the surface. But a hidden feature, likely introduced through a third-party integration or SDK, triggered the removal. This is the part many teams miss. It’s not always the visible experience that causes problems, it’s what’s running in the background that platforms scrutinise.

It could have been caught earlier

After the takedown, DO Global committed to auditing their other products. They took responsibility and pledged to rebuild, but the real opportunity was missed months earlier. With regular code audits, clear oversight of third-party libraries, and a basic compliance review, this issue could have been flagged and resolved before it became a removal-worthy incident.

“We didn’t know”

It’s a common reaction, but it’s not a defence. Google didn’t ask whether DO Global meant to breach policy, it responded to what the code was doing. That’s how most platforms operate. They act on outcomes, not intent. This is where we see so many app teams unknowingly put themselves at risk. They assume that if users are happy and the app performs well, the backend must be fine too. But it only takes one misconfigured SDK, one unexpected permission, or one out-of-scope integration to unravel everything.

Are you certain your app is clean?

What’s running in the background of your app right now? What’s happening in your third-party SDKs, your advertising layer, or your permissions? If the answer is anything other than “we know each permission” or “we’ve checked every area,” you may already be exposed.

Now’s the time to take a closer look

Start with our App Triage Checklist – a quick, no-nonsense checklist that helps surface hidden risks. Then follow up with the App Risk Radar, which gives you a clearer view of what might be missed in day-to-day development.

If you’re not completely sure what your app is doing, it’s worth finding out before someone else does.