Study: In-app Ad Fraud Could Near $1 Billion Globally In 2015

Firm claims to find large number of "mobile device hijacking" instances in which mobile apps load hidden ads and simulate human activity similar to traditional botnets.

Chat with MarTechBot

mobile-smartphones-apps-ss-1920Ad fraud has come to mobile apps in a big way, according to a new study on “mobile device hijacking” by ad fraud detection firm Forensiq.

Forensiq says its fraud detection platform identified more than 5,000 mobile applications committing ad fraud while monitoring for irregular impression traffic patterns on various real time bidding (RTB) ad exchanges. “Fraudulent apps were observed generating traffic through most major ad exchanges and networks. These apps would establish on average 1,100 connections per minute and communicate with 320 ad networks, ad servers, exchanges and data providers in the course of an hour.”

Over a  10-day period, the company says it observed more than 12 million unique devices with “infected” apps, affecting about one percent of mobile devices it observed in the US and two to three percent in Europe and Asia. Based on the activity it observed, Forensiq estimates an annual loss to advertisers of more than $857 million globally, based on CPMs of $1.00 on Android and Windows Mobile and $1.25 on iOS platforms.

millions lost to in-app ad fraud, forensiq

Source: Forensiq, global annual loss estimate

Much like botnets that infect unknowing users’ computers, many of these apps were found to run constantly in the background on smartphones and serve thousands of ads a day that are never seen by users. When an app did run in the foreground, only 10 to 20 percent of the ads were viewable.

In some cases, the apps were designed to commit ad fraud; in other cases, Forensiq saw programmatic activity from apps that don’t carry advertising. The company thinks the apps are “victim[s] of app spoofing — the publisher or mobile advertising platform may modify the app headers passed to the exchange in order to misrepresent the inventory as a different app.” Messaging apps Wickr and BBM are two of the applications seen to be affected by this type of activity.

Because these apps serve ads as often as 20 times per minute, they can also eat up data plans, causing a device to waste 2 GB of data per day.

“Malicious apps often request suspicious permissions, which include being able to prevent the device from sleeping, run at start-up, modify and delete content on the SD card, and access location services while running in the background. Many of these permissions are requested even if genuine features of the app would not require them.”

Forensiq also says it saw that some apps downloaded a script to simulate random clicks and load an advertiser’s landing page without the user’s knowledge. Other apps automatically redirected users through affiliate links to websites asking users to purchase items or other apps on the app stores.

In-app fraud was detected across operating systems. The percentage of apps flagged on Android was nearly three times that of iOS, however.

in app fraud by OS, forensiq

Source: Forensiq, based on 30 days


Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.


About the author

Ginny Marvin
Contributor
Ginny Marvin was formerly Third Door Media’s Editor-in-Chief, running the day-to-day editorial operations across all publications and overseeing paid media coverage. Ginny Marvin wrote about paid digital advertising and analytics news and trends for Search Engine Land, Marketing Land and MarTech Today. With more than 15 years of marketing experience, Ginny has held both in-house and agency management positions. She can be found on Twitter as @ginnymarvin.

Get the must-read newsletter for marketers.