Ad fraud has come to mobile apps in a big way, according to a new study on “mobile device hijacking” by ad fraud detection firm Forensiq.
Forensiq says its fraud detection platform identified more than 5,000 mobile applications committing ad fraud while monitoring for irregular impression traffic patterns on various real time bidding (RTB) ad exchanges. “Fraudulent apps were observed generating traffic through most major ad exchanges and networks. These apps would establish on average 1,100 connections per minute and communicate with 320 ad networks, ad servers, exchanges and data providers in the course of an hour.”
Over a 10-day period, the company says it observed more than 12 million unique devices with “infected” apps, affecting about one percent of mobile devices it observed in the US and two to three percent in Europe and Asia. Based on the activity it observed, Forensiq estimates an annual loss to advertisers of more than $857 million globally, based on CPMs of $1.00 on Android and Windows Mobile and $1.25 on iOS platforms.
Much like botnets that infect unknowing users’ computers, many of these apps were found to run constantly in the background on smartphones and serve thousands of ads a day that are never seen by users. When an app did run in the foreground, only 10 to 20 percent of the ads were viewable.
In some cases, the apps were designed to commit ad fraud; in other cases, Forensiq saw programmatic activity from apps that don’t carry advertising. The company thinks the apps are “victim[s] of app spoofing — the publisher or mobile advertising platform may modify the app headers passed to the exchange in order to misrepresent the inventory as a different app.” Messaging apps Wickr and BBM are two of the applications seen to be affected by this type of activity.
Because these apps serve ads as often as 20 times per minute, they can also eat up data plans, causing a device to waste 2 GB of data per day.
“Malicious apps often request suspicious permissions, which include being able to prevent the device from sleeping, run at start-up, modify and delete content on the SD card, and access location services while running in the background. Many of these permissions are requested even if genuine features of the app would not require them.”
Forensiq also says it saw that some apps downloaded a script to simulate random clicks and load an advertiser’s landing page without the user’s knowledge. Other apps automatically redirected users through affiliate links to websites asking users to purchase items or other apps on the app stores.
In-app fraud was detected across operating systems. The percentage of apps flagged on Android was nearly three times that of iOS, however.