Mobile ad fraud continues to surge as scammers get smarter - with in-app fraud increasing by as much as 800% this year

Mobile ad fraud continues to surge as scammers get smarter - with in-app fraud increasing by as much as 800% this year

google bot employees

David Goldman/AP Photo

  • In-app fraud was the fastest-growing ad fraud issue in 2018, according to verification company DoubleVerify.
  • The company uncovered a sophisticated app-spoofing fraud scheme this past summer involving 85 apps and five developers.
  • More recently, popular apps in the Google Play Store were discovered to contain malicious code used for ad fraud, BuzzFeed News reported.
  • However, industry players are trying to come together to tackle the issue.

Ad fraud remains rampant, continuing to eat into an increasing share of marketers' ad dollars and cheat publishers out of revenue.

Click farms, botnets, and domain spoofing are infiltrating everything from websites and video inventory to over-the-top and connected devices and mobile apps.

Read More: Scammers have accelerated their attacks on connected-TV and OTT devices, marking a whole new front for advertisers and publishers to combat ad fraud

But the fastest-growing ad fraud issue in 2018 was in-app ad fraud on mobile devices. Verification company DoubleVerify's Fraud Lab said it saw an 800% increase year over year in the number of fraud attempts that they blocked. (The company wouldn't give raw numbers.)

"As overall ad spend continues to go toward mobile - with two-thirds of all budgets going into mobile and three-fourths going directly into in-app - fraud is on the rise as well," Dan Slivjanovski, DoubleVerify's chief marketing officer told Business Insider. "In-app fraud will only accelerate as it follows the big pools of budget allocation."

In-app fraud was the fastest-growing fraud issue in 2018

Ad fraud has been perennial problem in digital advertising, with advertisers expected to lose $51 million per day and $19 billion in all of 2018, according to Juniper Research.

With app installs making up a more than $7 billion global market, according to eMarketer, in-app fraud has gotten more sophisticated over the past year, expanding to areas such as app-spoofing, hidden ads, and mobile hijacked devices.

DoubleVerify, for instance, uncovered an extensive app-spoofing fraud scheme this past summer, involving a network of 85 apps including gaming apps like Jigsaw Puzzles Bliss, and five developers, such as Unisoft Games and Sweet Box Apps. The network of apps not only spoofed premium apps (which DoubleVerify wouldn't name), thereby gaining access to more valuable inventory, but also cross-spoofed other apps in the group.

The way it worked was, once a user downloaded and opened one of the fraudulent apps, the app connected to a spammer-controlled server. This server then essentially took over the compromised device and began orchestrating ad fraud by posing as a more premium app and getting ad networks to serve ads to it.

In traditional app-spoofing, malicious apps misrepresent themselves as other apps that are not connected to the fraud and are essentially innocent. In this case, however, DoubleVerify discovered that the spoofed apps, too, misrepresented themselves as other apps.

"Such techniques are used by apps that also perform other types of fraud, such as background or popup ads," said Roy Rosenfeld, head of DoubleVerify's Fraud Lab. "It is utilized to avoid fraud detection algorithms that use frequency and/or volume to identify ad fraud."

To be sure, DoubleVerify isn't the only company tracking how sophisticated scammers are getting with their techniques. App analytics and attribution company Kochava recently found that popular apps in the Google Play Store developed by Cheetah Mobile and Kika Tech contained malicious code used for ad fraud techniques known as as click injection and click flooding, BuzzFeed News reported.

Industry players are trying to combat in-app fraud

While brands who lose ad dollars to bots and other schemes are the direct victims, ad fraud also eats into the revenue of legitimate publishers and developers. But users take a hit too - with their phone batteries getting drained and data usage spiking due to shady ad transactions taking place without their knowledge.

Several stakeholders are trying to tackle the issue.

InMobi, for example, is working with DoubleVerify for fraud filtering and measurement for mobile in-app advertising campaigns across the InMobi Exchange globally. Since the BuzzFeed story, Google has begun emailing app developers, having found three malicious ad network SDKs (software development kits) that were being used to conduct fraud in those apps.

The most concerted effort comes from the industry consortium IAB Tech Lab, which recently rolled out app-ads.txt in beta, hoping to follow in the footsteps of its ads.txt initiative. The premise of app-ads.txt is to make it clear which third parties are authorized to sell inventory on mobile and over-the-top video apps, so ad buyers can confidently purchase through approved seller accounts in demand-side platforms (DSP).

"We need the industry to come together to agree on a standard, push app developers and app stores to adopt the standard, and then for platforms like exchanges and DSPs to build towards this standard," said Sam Tingleff, VP of engineering at the IAB Tech Lab.

"We can expect similar results as we saw with ads.txt," he added. "Bad actors will be pushed into increasingly dark corners of the ecosystem and the dollars available to them will dramatically decrease, growing the dollars available to good actors."