Fraudulent apps surge 159% as mobile ad spending rises, study says

The number of fraudulent apps surged by 159% in 2018 from the prior year, according to a report that marketing measurement firm DoubleVerify …

Brief:

  • The number of fraudulent apps surged by 159% in 2018 from the prior year, according to a report that marketing measurement firm DoubleVerify shared with Mobile Marketer. The strong growth of in-app advertising is giving fraudsters more incentive to create apps that generate fake viewership activity.
  • Sophisticated invalid traffic (SIVT) impressions that are harder to detect doubled in 2018 from the prior year, per DoubleVerify. The company said 57% of fraudulent mobile apps are in the “games” and “tools and utilities” categories.
  • “With ad spend increasingly concentrated in mobile — and particularly mobile app, fraudsters are redoubling their efforts to take advantage,” Roy Rosenfeld, head of DoubleVerify’s Fraud Lab, said in a statement.

Insight:

Mobile advertising continues to surge, but unfortunately, that growth has invited fraudulent activity that robs advertisers of their media spend. Mobile ad spend is forecast to reach $87 billion this year, making up more than two-thirds of the overall U.S. digital ad market of $129.3 billion, researcher eMarketer forecast. As DoubleVerify stresses in its statement, it’s “critical” for brands to understand the risks that fraud presents and allocate appropriate resources to safeguard their digital investments.

The most common forms of mobile ad fraud include ad stacking, app spoofing, background traffic, bots, clickfraud and retargeting fraud, MarTechSeries reported. In a recent example, a video fraud scheme targeting mobile app advertising ran video ads behind legitimate banners, generating at least 2 million ad calls per day, or at least 60 million ad calls a month, DoubleVerify’s Fraud Lab found last month.

Major platforms have tried to tackle fraud, with different levels of success. Google has been responsive to removing malicious apps in its Google Play app store when mobile users report them, but the problem persists, including apps that claim to upgrade Android phones to the latest operating system, per TechRepublic. These malicious apps may bombard users with ads, spyware or malware that steals cryptocurrencies. Apple, which is perceived as having a “walled garden” that screens out malicious apps from the App Store, also has been susceptible to fraudulent apps, including one identified in December that tricked iPhone users into making purchases they didn’t intend, per Business Insider.

On the larger landscape, IAB Tech Lab has worked to tackle mobile ad fraud by harnessing the collective expertise of technicians from cellular service providers, brands, ad agencies and programmatic ad platforms. Last month, the group released the final version of its app-ads.txt specificationfor implementation among mobile ad platforms. The app-ads.txt file has the name and identification code for authorized sellers of the app’s available ad inventory, and helps to ensure that advertisers only bid on slots from authorized sellers. As DoubleVerify’s most recent findings suggest, marketers need to be vigilant in monitoring potential fraud.

Related Posts:

  • No Related Posts

Video Ad Fraud Has Been Draining Phone Batteries

The fraud was discovered by two ad fraud labs, Protected Media and DoubleVerify. Fraudsters purchase cheap in-app banner display space, but then …

When is a banner ad not a banner ad? When it’s a hidden video ad generating fraudulent advertising revenue while draining your phone battery and using your valuable data allowance.

As BuzzFeed reports, it’s been discovered that in-app banner ads have been hijacked on a massive scale to generate revenue for fraudsters working within the digital advertising industry. The people who suffer are consumers and their devices, but also the app developers who receive complaints regarding how quickly their apps are draining phone and tablet batteries.

The fraud was discovered by two ad fraud labs, Protected Media and DoubleVerify. Fraudsters purchase cheap in-app banner display space, but then hide auto-playing videos behind the banner image users see. The video is never seen by anyone, but because it plays it’s registered as viewed and therefore generates revenue for the fraudsters, and much more so than the banner ad does. It’s the big brands that are paying, but unbeknown to them, they’re paying for zero exposure of their products.

The video below demonstrates how the fraudulent video ads are hidden out of sight behind image banners:

As to the scale of this fraud, DoubleVerify gauged it at 60 million fraudulent video ads per month. The ad hijacking occurred on Twitter’s MoPub ad platform, and Israeli company Aniview, which specializes in video advertising solutions, was highlighted as being one of the sources of those ads. The company’s subsidiary OutStream Media was also identified by Protect Media as playing a part.

Aniview denies any direct involvement and has blamed “a malicious, unnamed third party” who took advantage of banner ads and code created by one of Aniview’s subsidiaries. Aniview CEO Alon Carmel, told BuzzFeed that the company, “does not knowingly engage in any fraudulent activity” and that immediate action was taken, “we stopped this activity and started and continue an internal incident review.”

Aniview isn’t saying who the malicious third party is, but has since removed a number of employees from the company’s website. They include Aniview co-founder Tal Melenboim and two employees who had leadership roles at OutStream Media. Melenboim has since denied being part of any illegal activity while at Aniview.

As Twitter’s MoPub ad platform was used, Twitter has also triggered its own investigation after verifying the activity Protected Media reported. If Twitter traces this back to Aniview, then there will surely be consequences for the advertising company.

It’s important to point out that this type of fraud isn’t new, but a spike in activity back in October sparked the ad fraud companies to look more closely. Aniview also isn’t the only company identified as taking part, with several others continuing to filter these hidden video ads into the digital advertising market. One of the companies Protected Media contacted responded with a complaint that everybody does it and it felt like they were being picked on!

Related Posts:

  • No Related Posts

What advertisers need to know about mobile ad fraud

A portion of the apps identified in the report was also sending traffic to the Smaato platform, but Smaato was able to quickly identify the fraudulent …

There is no sure-fire way of stopping mobile ad fraud due to its ever-evolving nature, but it’s important to ensure that our solutions are continuously improving and staying one step ahead of these fraudsters. Just because it’s challenging doesn’t mean that everyone in the industry shouldn’t work towards creating a protected mobile marketplace.

Part of the process of combating fraud also means bringing this issue out into the open. With that in mind, it’s important to talk about the types of mobile ad fraud and the ways to address the problem.

How big a problem is ad fraud? It’s hard to say, as estimates vary depending on who you ask. But according to a recent study by ad fraud specialist TrafficGuard, mobile ad fraud in APAC is expected to cost advertisers USD $56 billion by 2022. In Asia, fraud is higher in countries with large amounts of active users, which include South Korea, Japan, Australia, Indonesia, and China, and where users typically spend between three to five hours per day on apps.

Some of the most common methods of mobile ad fraud that affect advertisers are:

  • Ad Stacking: Multiple ads “stacked” on one another with only the top ad being visible. However, all ads are being paid for, regardless of whether the ads are visible or not.
  • App Spoofing: Advertisers intend to buy premium inventory but receive placements in low-quality apps which threatens brand safety.
  • Background Traffic: Malicious apps play ads on inactive applications that users do not see or experience.
  • Bots: They are used for a variety of malicious activities, including generating fake traffic, clicks, and installs.
  • Click Fraud: Advertisers are hoodwinked into placing ads in “high-clickthrough” apps when they are instead generated via bots.
  • Retargeting Fraud: Bots imitate the behaviour of interested customers to attract higher retargeting eCPMs across apps participating in the fraud.

Those are some of the bigger threats that advertisers face, and these tactics are often used together which makes stopping fraud even more challenging.

Stopping complex ad fraud schemes as they happen

Ad fraud is undoubtedly complicated and increasingly sophisticated. But what can be done to stop it? There’s no perfect solution, but a combination of in-house expertise, advanced technology, and trusted third-party vendors is the best way to combat fraud. Here’s how those important elements can come together to stop an advanced ad fraud scheme:

In October 2018, a BuzzFeed News investigation uncovered a sophisticated ad fraud scheme involving more than 125 Android apps and websites with a potential loss of millions of dollars in ad spend across the industry. By acquiring legitimate apps from independent developers through shell companies, the scheme made use of bots to mimic the behaviour of existing users of the apps to deliver fake traffic statistics to lure advertisers.

A portion of the apps identified in the report was also sending traffic to the Smaato platform, but Smaato was able to quickly identify the fraudulent scheme and stop it beginning in June of 2017 — a year before the scheme was publicly uncovered.

Here are the steps Smaato took to uncover the scheme and rectify the issue:

  • The first warning sign was when apps with relatively low or mid-range download numbers were recording suspiciously high traffic.
  • A high amount of traffic was being generated in the background when the apps were not active, or the device was on standby.
  • The apps shared a high percentage of identical common users.
  • The apps claimed to have different app developers but were connected via spoofing.
  • To combat the issue, Smaato blacklisted the suspicious apps and repeated the same process to ensure that advertisers were not losing their ad spend to fraudulent traffic.

By recognizing the fraudulent traffic early, platforms will be able to blacklist apps showcasing suspicious activity — and thereby, protect advertising dollars.

The Future of Ad Fraud Protection

As fraudsters continue to evolve their approaches so must the mobile advertising industry. While the current focus on cleaning up ad fraud and fighting emerging fraud schemes are critical to ensuring the long-term health of the mobile and in-app advertising ecosystem, industry-wide initiatives such as ads.txt, app-ads.txt and ads.cert also need to be prioritized.

Using tried and proven methods is a must, while the continual investment in technology, manpower, and certification will go a long way in the fight against fraud.

Related Posts:

  • No Related Posts

How Blockchain Can Help Solve Ad Fraud

The solution will require radical transparency, enabled by blockchain technology, writes Hunter Gebron, Director of Strategic Initiatives, MetaX.

As long as intermediaries have little incentive to distinguish between human and bot impressions in their reporting, ad fraud will be a problem. The solution will require radical transparency, enabled by blockchain technology, writes Hunter Gebron, Director of Strategic Initiatives, MetaX.

With the permeation of “fake news” and “click-bait” seeping into the once sacrosanct world of high-quality journalism, it seems we are already in the late stages of an information war that is being waged all around us.

Professional journalists that write in-depth and unbiased news stories chocked full of intellectual integrity are pitted against antithetical and unscrupulous click-bait hucksters. Both are using different means to achieve the same goal, readership, which in turn leads to ad revenue. But the consequences of who wins in this fight may ripple across our society for generations to come.

If we were scoring this bout, there is no question the journalists are losing. Journalism jobs are steadily in decline and have been for some time. “In the decade from 2008 to 2017, newsroom employment nationwide declined by nearly one-fourth (from 114,000 workers to 88,000).”

While most of the press around fake news centers around the Russian hacking of the 2016 political election and Facebook. There is another more insidious reason why fake news articles are written – to collect advertising revenue.

Here is a synopsis of how our ‘Free Internet’ stays free. Digital publishers (the ones that don’t want to live behind a paywall) must monetize via ad revenue. Advertisers pay publishers based on the number of eyeballs and clicks their ads receive. Consumers who want free content must contend with the endless barrage of ads that have become a ubiquitous part of our online experience. It’s not quite a Faustian bargain, yet, but it’s getting closer to resembling one everyday.

Also Read: What Is Native Advertising and How to Craft Your 2019 Strategy for Maximum Success

The important thing to know about digital advertising is that it’s a numbers game.

The more traffic digital publishers can draw into their site, and the more ads they can display, the more money they are able to collect from advertisers.

One of my favorite quotes is “show me the incentive I’ll show you the outcome” by Charlie Munger.

So let’s take a look at some incentives and their outcomes.

Digital advertising in 2018 topped out at around $111.14 billion and by 2019 it will account for 55% of all media ad spend.

The goal, if you are a publisher or website hosting ads, is to get yourself as big a slice of that $111 billion pie as you can. The incentive is to get as many eyeballs and clicks to see the ads you host as humanly (or as we’ll come to find out ‘in-humanly’) possible.

Now for the outcome.

Of the $111.14 billion spent roughly, $15 billion went straight to fraud.

Yes, you read that right, 13% of all money spent on digital ads was vacuumed up by fraudulent websites and bots in 2018. By 2020, that estimate balloons to $44 billion.

The incentive to get clicks and eyeballs leads to an outcome in which fraudsters have figured out how to game the system. Fake news is just one tentacle in a multi-armed beast that represents all the various forms of ad fraud.

A common practice, known as domain spoofing, where bad actors trick advertisers into buying on a site that isn’t really that site, is exacerbated by the complex patchwork through which digital ads travel, and that makes following the flow of money incredibly difficult.

“Why would fraudsters spoof a domain?” Imagine for a second you are a fraudster. You know that many advertisers want to buy ad placements on CNN.com. So you create a fake website that for all intents and purposes looks like CNN.com, but it’s really just a blank page with a video player on it. You then sell that fake page to advertisers as CNN.com. If it’s done well neither CNN.com or the advertisers ever knows what happened. If it’s not then it gets exposed.

Whether it takes place on a street corner in NYC or in a complex patchwork of web connections that funnels ads from point A to point Z, fraudulent inventory is fraudulent inventory. The vendor ends up not being paid and the customer gets tricked into paying for something they did not want.

‘It is difficult to get a man to understand something, when his salary depends upon his not understanding it!’” – Upton Sinclaire

The relationship between advertisers and news publications goes back a long time, at least 300 years in the United States. However, programmatic advertising has only been around for a decade. Yet billions of dollars are stolen every year. How can we stop this?

An answer may lie in distributed ledger technology. The major selling point for blockchain technology is its native property of radical transparency. All financial activity on the blockchain is recorded and visible. This is the exact opposite of digital advertising which is often likened to a ‘black box’. Money goes in and what comes out is a ‘report’ from a centralized, for-profit company telling you all the wonderful places your money was spent. Want the raw data so you can check for yourself? Good luck with that! And it’s these kinds of conditions where an activity like domain spoofing is able to thrive.

Also Read: What Is Bladtech?

Meanwhile, legitimate digital publishers are getting screwed. Money that should be going to them is being siphoned away to fraudsters.

Here is a novel concept. One that is partly inspired by the ads.txt initiative brought forth by the IAB Tech Lab. Ads.txt allows publishers to publicly declare who the authorized sellers of their inventory are.

We can apply the same principles using blockchain technology to allow digital publishers to publicly declare the authorized wallet addresses they control on the blockchain. The caveat is they will need to be comfortable accepting cryptocurrency as a form of payment from advertisers but the upside is it would completely eliminate the incentive for domain spoofing.

Remember, the main reason why domain spoofing is able to thrive is that fraudsters can collect the money to their bank accounts.

If everyone can publicly see the wallet addresses of everybody else (which is how public blockchains function) then money should never get sent to the wrong place. It would be pretty foolish to spoof a domain if you knew the money was going to be sent to the entity you were pretending to be regardless!

Getting an entire industry to get comfortable with the idea of accepting cryptocurrency is a tall order. But with $15 billion in fraud hanging over the digital advertising industry’s head, it may be time to start exploring alternative options.

Related Posts:

  • No Related Posts

Types of Ad Fraud

Ad fraud is a big, costly problem in our industry. To fight it, you have to understand the different forms it can take. The brand safety experts at Peer39 …

Ad fraud is a big, costly problem in our industry. To fight it, you have to understand the different forms it can take. The brand safety experts at Peer39 typically divide ad fraud into three categories: non-human traffic (i.e., bots); ads with zero chance of being seen (i.e., zero-percent viewability); and intentional misrepresentation. The imposters who are responsible for these kinds of fraud are savvy, and they are continually finding new and more sophisticated ways to make money by defrauding advertisers.


Here’s a closer look at some of the most common types of fraud:

Bot basics

General invalid traffic (GIVT)arescripts that run from a server such as Amazon Web Services or some other hosting provider. As their name implies, these bots are usually easy to identify because they have a static IP, user agent, and cookie ID. This makes fingerprinting them pretty easy using DSP auction logs or even web server logs to spot abnormally high clickthrough rate (CTR) or unexpected spikes in traffic that are the signatures of simple bots.

Sophisticated invalid traffic (SIVT)is not as easy to identify. These bots rotate user agents, using random proxies to rotate IP addresses, and they mimic normal “human” CTRs, so they are more challenging to detect. They are also now capable of completing complicated tasks like filling out forms or completing videos. Sophisticated bots can even put items in shopping carts and visit multiple sites to generate histories and cookies—making them look attractive to advertisers and publishers.

The unviewable

Ad stackingisacommon way that fraudulent publishers get credit for running an ad that is actually hidden behind other ads and not viewable. The publisher can thereby generate multiple impressions for a single page view, even when only the top ad in the “stack” is ever seen.

Site scams

Domain spoofingis a scheme employed bydeceitful publishers, ad exchanges, or networks to obscure the nature of their traffic to resemble legitimate websites. For example, an advertiser might sign off on a contract to run a campaign on a legitimate entertainment website with very high monthly traffic, but instead its ads end up on an unknown site. This practice is most prevalent in the programmatic space where publishers are sometimes allowed to declare their own domains and label their own site IDs. Spoofed domains are not just fake website addresses, they are also banner farms that contain bad content.

Ghost sitesare among the most difficultfraud methods for advertisers to spot. Fraudsters create content farms and use bots to mimic human traffic. The sites may then be introduced to a legitimate ad exchange, where ad impressions are made available for advertisers to buy programmatically. Exchanges usually spot these schemes quickly, but even a short lifespan can be profitable to the ghost site creators.

Zero-adsites arethosewhere advertising is forbidden, such as government or educational sites. But fraudsters still find ways to inject ads into them when a user downloads and installs a browser extension or app (such as a free PDF converter or browser toolbar) bundled with software that quietly injects unwanted ads into the user’s browser.

Fraud is lucrative

The scale of online ad fraud has a significant impact on advertising ROI and advertiser confidence because all those falsified impressions and clicks cost money without yielding conversions or revenue. It’s estimated that fraud consumes $1 of every $3 spent on digital advertising. In 2018, and advertisers lost an estimated $51 million every day to fraud, a figure that is expected to more than double by 2022. Time and time again, advertisers unwittingly reinvest in fraudulent inventory because it appears on reports to be driving results. Worst of all, ad fraud is not technically illegal, so there is minimal risk for bad actors.

Protection is possible

Because fraud schemes continually evolve, effective fraud prevention requires staying one step ahead of their game. Peer39 does this by tackling the problem from every angle, both before and after the buy. Peer39 pre-bid antifraud targeting helps marketers exclude fraud from the buy up front, eliminating zero-ad sites and other fake inventory. Peer39 post-buy solutions offer multichannel, AI-driven fraud detection and filtration that enables you to monitor viewability and detect bots and other invalid traffic threats—even difficult-to-detect schemes and domain spoofing.


Fraud isn’t going anywhere, but with vigilance, you can significantly reduce your exposure and protect your investment.

Contact a your account rep or a Peer39 account manager to keep your next campaign fraud-free.

Related Posts:

  • No Related Posts