The rapid growth of mobile advertising has an unfortunate dark side that squanders its effectiveness: mobile ad fraud. In response, mobile marketers, ad agencies and a budding fraud-detection industry are banding together to root out nefarious activity, often with the support of law enforcement.
While mobile technology promises to give marketers unparalleled insights into consumer behavior — especially with innovations like location tracking and geofenced advertising — fraudsters are relentless about escaping detection. Several industry insiders interviewed by Mobile Marketer are optimistic about the potential of new anti-fraud measures to reduce fraud, but it is too soon to tell just how effective they will be.
The problem is that as soon as one form of fraud gets neutralized, cybercriminals, illegitimate ad networks and organized crime rings come up with new ways to generate fake audience activity that costs advertisers billions.
"They see it as a cat-and-mouse game," Jason Santillano, director of marketing at mobile ad network Vungle, told Mobile Marketer. The company analyzes about two dozen kinds of data to identify fraudulent activity, including information that its software development kit (SDK) gathers from apps its in network, per a blog post.
Global losses to digital ad fraud — including desktop and mobile platforms — vary anywhere from $5.8 billion to $42 billion, depending on the research methods used. With more than one-third of ad dollars worldwide going to mobile platforms this year, the vulnerability to ad fraud is a serious concern. Mobile-based ad fraud makes up 46% of total digital ad fraud, according to a study by ad-verification firm CHEQ.
Preventing mobile ad fraud
Ad-fraud prevention experts say a key part of preventing mobile ad fraud is seeking greater transparency among the companies in the chain between advertisers and digital publishers. That can be more difficult amid the complexities of the programmatic ad marketplace that brings together a vast array of buyers and sellers in an automated system.
"It's important to know who you're buying from and make sure they have fraud prevention on their end," Roy Rosenfeld, head of the fraud lab at marketing measurement firm DoubleVerify, told Mobile Marketer. "Make sure you talk to their partners to ensure that they're cleaning out fraud."
In addition to private companies that provide fraud detection, nonprofit organizations like the Interactive Advertising Bureau (IAB) and Trustworthy Accountability Group (TAG) are also tackling the problem.
"We crossed a threshold where there was broader recognition that these behaviors weren't healthy for the industry."
President and CEO of TAG
The IAB Tech Lab’s ads.txt project, which consist of a list of companies that are authorized to sell their products or services, was extended to mobile apps with app-ads.txt. The initiative aims to combat app spoofing, a fraudulent practice of sending ad-placement requests while claiming to be a legitimate publisher.
App-ads.txt now has been adopted by more than 9,000 apps, including those from Gameloft, Pandora, Soundcloud and Microsoft, according to data that IAB Tech Lab shared with Mobile Marketer.
While the number is small compared with the millions of apps available on various app stores, the IAB Tech Lab's goal is to drive adoption among the most important app publishers that are seeking to monetize their content with ad placements.
"Adoption is taking off," Sam Tingleff, chief technology officer at IAB Tech Lab, told Mobile Marketer. "All the tech platforms are building and supporting the standard. It's going to be a critical step for apps to protect themselves from this kind of fraud."
Sell-side platform PubMatic last month start enforcing the app-ads.txt to help fight fraud, the company announced.
TAG was created with the support of the IAB, Association of National Advertisers and the American Association of Advertising Agencies to stamp out online fraud, piracy and malware. The organization, which has doubled to more than 500 member companies in the past year, verifies that companies in the digital ad supply chain adhere to certain standards.
"A couple of years ago, there was a reticence to look too intensely at ad fraud, with worries about performance metrics declining," Mike Zaneis, president and CEO of TAG, told Mobile Marketer. "But we crossed a threshold where there was broader recognition that these behaviors weren't healthy for the industry."
TAG got a big boost in 2016 when Marc Pritchard, chief brand officer at Procter & Gamble, said the company would require its digital media partners to get a TAG approval or risk losing its business. P&G has been one of the world's biggest advertisers for years, and last year spent an estimated $10.5 billion on advertising and marketing, Ad Age reported.
TAG is currently expanding its "threat exchange" platform to let a wider group of companies share information about digital ad fraud and report it to authorities such as the Federal Bureau of Investigation.
In addition to industrywide efforts to stop mobile ad fraud, companies are adopting private solutions to ensure the integrity of ad placements for marketers. Kargo, a sell-side platform that has ad inventory from a curated group of publishers including NBC, CBSi, Buzzfeed, Penske Media and Scripps, recently implemented a pre-bid prevention product called MediaGuard made by cybersecurity firm White Ops.
Following the move, Kargo saw invalid traffic plunge to 0.38%, a fraction of the 3% to 5% level that's more common for mobile display advertising.
"That is like putting money back in the pockets of advertisers," Harry Kargman, founder and CEO of Kargo, told Mobile Marketer. His company, which has 170 employees and $100 million in annual revenue, also gives advertisers improved audience data-sharing with publishers to improve for marketers and build trust.
Common kinds of mobile ad fraud
Mobile ad fraud comes in many forms, having evolved in the past few years alongside broader trends in app usage, mobile video streaming and greater dependence on in-app advertising among popular apps like games.
In many ways, mobile ad fraud isn't much different than the ad fraud seen on desktop computers. Fraudsters set up mobile websites or apps and generate fake viewership of ads with bots that emulate the online activity of real humans. The bots are designed to do things that advertisers want consumers to do, such as clicking on banners and streaming multiple video ads.
"Advertisers are most incentivized to stop ad fraud because it's their money getting wasted."
Performance optimization lead at Vungle
But mobile ad fraud also consists of fake activity aimed at app developers that spend a significant portion of their app development budgets on promotional activities. Ad spending to drive app installs on mobile devices is forecast to double to $12.9 billion by next year from 2018 in North America, according to a study that mobile attribution platform AppsFlyer shared with Mobile Marketer.
App install fraud has evolved as cybercriminals develop more sophisticated ways of generating fake activity that present significant potential losses for app developers that are seeking to drive more downloads.
"A few years ago, bots and fake installs were the big topic," Rina Matsumoto, performance optimization lead at Vungle, told Mobile Marketer. "Now, we see more click injection and click spamming."
Click injection, also called click sniping, targets campaigns that measure ad performance with what is known as last-click attribution, which gives credit for an app download or other sales conversion to the last ad a customer clicks. Fraudsters inject a fake click into the Android broadcasting system that indicates to other apps when a new app is being downloaded, and take credit for that download to collect payment from the advertiser.
Click spamming, also called click flooding, sends a large number fraudulent clicks in an attempt to get last-click attribution on an unrelated download. To detect this kind of fraud, app developers need to monitor their click-to-install rates, and understand certain benchmarks of how real mobile users install apps after clicking on an ad.
The click-to-install time (CTIT), which measures how long it takes for a mobile user to install an app after seeing an ad for it, is a common benchmark. Nearly uniform app installs over several days may indicate click spamming while a sudden barrage of installs may reveal click injection, according to AppsFlyer.
High-profile ad-fraud schemes
Several highly publicized incidents suggest that ad-fraud detection methods have improved.
The U.S. Department of Justice in November charged eight people for their alleged involvement in the "3ve" and "Methbot" fraud schemes that cost advertisers more than $36 million for ads that were never seen by real people. Google and cybersecurity firm White Ops helped the FBI in the investigation and botnet takedown.
Last year, several ad-fraud detection companies uncovered a complex scheme to defraud advertisers out of millions of dollars in media spending, BuzzFeed News reported. The fraudsters bought legitimate apps through a company called We Purchase Apps and transferred them to companies they had set up. They then captured the usage data about real app users to create fictitious activity among a complex network of bots.
In February, tech giant Oracle said it discovered a mobile ad fraud operation it called "DrainerBot" that had infected millions of Android apps. The bot wasted the media spending of advertisers by generating fake viewership of video ads that didn't appear on the screens of mobile devices. Perhaps even more insidious, all that video streaming used vast amounts of data and potentially exposed smartphone users to hundreds of dollars a year in data overage charges.
Given what's at stake with mobile ad fraud, advertisers need to stay on top of the latest developments and keep communicating flowing with their partners.
"Advertisers are most incentivized to stop ad fraud because it's their money getting wasted," said Vungle's Matsumoto. "It's important for advertisers to be aware of the problem and to demand transparency."