Mobile ad fraud is keeping pace with the ever-expanding mobile market, says digital ad fraud detection firm Forensiq. The company's study details the nature and scope of ad fraud in mobile, including a new type of mobile in-app fraud called “mobile device hijacking.”
More than 13% of the 16.2 billion daily mobile in-app impressions Forensiq observed were flagged as high-risk. The company estimates the annual cost of fraud to advertisers is more than $857 million.
When a user downloads and installs a fraudulent app, the app begins to call a lot of ads. Such apps can continue to run even when closed or minimized, run on the background when the device is booted up, and can serve ads at a rate of up to 20 per minute.
Legitimate apps refresh ads every 30 to 120 seconds. The fraudulent app may ask for odd permissions that have nothing to do with its actual function. If the unwitting user agrees, the malicious software in the app is given space to work.
All this background activity can wear down a user’s battery quickly and use up to 2GB of data per day for a single app. Only about 10%-20% of the ads served end up being viewable to the user — and that’s if they have the app open.
The big difference between malware on mobile and on desktop is the intention behind it. A desktop user could unintentionally download something onto his or her computer and be none the wiser. Mobile users generally know and approve of an app download.
Most of the fraudulent apps aren’t household names or even all that popular. “It’s not Candy Crush,” says Mike Andrews, chief scientist for Forensiq. “But I don’t think it takes a major install base to get someone to install something once, use it once, and then have it run in the background.”
But it’s not like the apps don’t work either. “These are some good apps for consumers,” says Andrews, “in the sense that people like to play games or monitor their battery or practice making sushi. … So these apps look all right on the surface.” Still, Forensiq knew there was something wrong and had them flagged for fraud.
During a 10-day period, Forensiq’s team identified about 12 million unique devices with installed apps flagged for ad fraud. The company identified over 5,000 fraudulent apps for the study.
According to a video created by the team to visualize how the apps were working, advertisers like Nike and Unilever, as well as many others were being defrauded.
iOS users were found to have far fewer flagged apps on their platforms than Android users, which Andrews says is probably due to the stringent policies put in place by Apple for app developers.
David Sendroff, founder/CEO of Forensiq, hopes the study will "open a discussion and bring all stakeholders together around the issue.”