This week, mobile marketing platform AppsFlyer named Andreas Naumann its -- and likely the ad industry's -- first anti-fraud evangelist. At least by official title, if not in actual practice.
Naumann says his main job will be taking the volumes of data AppsFlyer sits on and using it to help educate the entire mobile advertising ecosystem, especially advertisers and agencies, because he believes that due to other complicating matters -- like Apple and Google privacy-framework updates -- they have taken their eye off the ball.
While mobile ad fraud has not spiked during this period, it has grown steadily, and Naumann says he's detecting some strange behaviors -- not just from apparent fraudsters, but from some advertisers themselves -- that the entire industry should be thinking about. The following Q&A drills into that, and answers the question: Why has mobile become the biggest vector for ad fraud? (Hint, the answer is in the palm of your hands.)
Mobile Insider: To the best of your knowledge, this is an industry-first role. Do you think it’s long overdue?
Andreas Naumann: I have been doing nothing but fraud detection and fraud prevention since 2007, so I feel very at home in this space. But for much of the industry, sometimes fraud is important, and sometimes fraud falls into the background as other things become more important.
Mobile Insider: The ad industry has always had bad actors who wanted to take advantage of it. Has mobile put ad fraud on steroids? There are just so many potential vectors and technological innovation creating new opportunities for fraud. How do you stay on top of it?
Naumann: Research. With ad fraud, there’s the things that you know and then there are the things that you know you don’t know, but want to look into. And then there are the unknown unknowns, which we usually stumble into finding out about.
Mobile Insider: AppsFlyer has been doing a good job of shedding light on the problem, but are there new vectors emerging that we should start thinking about? Is generative AI something we should worry about?
Naumann: I don’t see a lot of potential for mobile ad fraud from generative AI, just because fraud schemes are deeply technical and you’d need to have a deep, technical understanding of how attribution works and how measurement works in order to manipulate the signals that would need to be manipulated.
Generative AI is a lot more interesting when it comes to things like social engineering, creating fake profiles, getting trust that you shouldn’t be getting from fraudulent parties.
Mobile Insider: I’m not expert on ad fraud, but I think of it as things like sophisticated invalid traffic, which sometimes comes from fake user profiles and fake accounts being credited like legit accounts. Can’t this new generation of bots pose better than systems can detect them?
Naumann: If you think about things like Twitter and Facebook accounts that are being generated out of available data and AI pictures of people that never actually existed, then yes. But in our sphere, everything comes down to devices running software and that software communicating with other software through those devices -- so everything is very tied to the platform, the systems and the underlying tech of mobile devices and their communication with a good server infrastructure, basically.
So there’s not really a way in for that. I mean, even if you used generative AI to create a fake company with fake employees, I still think there are much easier ways to get your hands on an advertiser’s money without having to fake a direct partnership like that.
The big thing that fraudsters leverage is the opacity in the ecosystem, where they can hide behind the direct partnerships. It’s never the networks that are the fraudulent party. The networks are the medium between the fraudulent parties and the advertiser.
Mobile Insider: Yeah, there’s always an energy factor in advertising fraud: how much energy does a fraudster have to put in, versus what they get out. Is is worth the squeeze? So what are the next new things you’re starting to think about mitigating for?
Naumann: Right now, I’m still learning the ropes of what the capabilities are [at AppsFlyer] and to be quite honest, that is going to take me some time, because there’s a lot to look at: a ton for me to figure out. What my role is going to be for the next couple of months is, on the one hand, look a lot deeper into educating the market. Obviously, our clients, but also speaking publicly and bringing attention back to fraud.
There’s this narrative that fraudsters go through constant evolution to beat the anti-fraud systems, but in the anti-fraud space, nothing much has happened in the past two years, so the fraudsters really didn’t have to innovate, because the stuff they did two years ago still works today.
And if you want to be even more cynical about it, click-based fraud has been around since 1997, and it’s still quite lucrative. Obviously, there have been some evolutionary steps within those fraud schemes and the fraudsters got better and more cost-effective, but the underlying technical problems are still the same ones that were being exploited years ago. They’re just baked into the system of how the internet works.
Mobile Insider: So are we at an ad fraud equilibrium now? Will that status quo remain for some time?
Naumann: For some time, yes. I would argue that for the past couple of years, mobile advertisers were a lot more occupied with figuring out how iOS 14.5 works, and how the new privacy world looks so they can run their campaigns. And fraud became somewhat of an afterthought.
And that goes through the entire ecosystem. The advertisers needed to figure it out. The networks needed to figure it out. The agencies needed to figure it out. The measurement companies needed to figure it out. Everybody was scrambling. And when the Google Privacy Sandbox releases, it’s probably going to be a similar thing, which means the fraudsters are having a much easier time, because people’s attention is divided right now.
Mobile Insider: So we’ve taken our eyes off the ball?
Naumann: Exactly. It’s not by any fault of their own, but I want to make sure that we keep at least a modicum of discussion going on around the topic of fraud and how we are dealing with it.
Mobile Insider: Given all that divided attention, why hasn’t ad fraud gone up during this period? Is it that bad actors have gamed the system as much as they possibly could with the current system?
Naumann: We see what we see and what we measure, and there’s going to be a new [AppsFlyer] fraud report in April. And for at least the period through 2022, the trend has been going up month to month. It’s nothing drastic, but there has been a steady increase in what we’ve detected.
That also comes down to what we are able to detect and what we’re encouraged to detect, because not all of our clients want to have fraud prevention. There’s also some advertisers that build their own attribution models that basically factor in the risk of ad frauds on their media mix.
Mobile Insider: So for some marketers, it’s part of their cost of doing business? It’s just baked in for them?
Naumann: Exactly. And there also are some advertisers that have a strong incentive of leveraging what we would call fraudulent traffic by capitalizing on their organic influx in ways that they get users to brand advertising through word-of-mouth. They capitalize it through paid media in order to show that they can get a higher amount of users into their app for a lower price, which makes them look more attractive for investment.
Mobile Insider: That’s a first for me. I never knew there was an ancillary benefit from ad fraud for some marketers. It’s weird, because it may not be fraudulent for them to do that, but they are benefiting from it.
Naumann: I have not encountered that from what I would call a “mature” company. It’s for companies that are looking for a growth spurt.
Mobile Insider: That’s interesting to me, because I believe everything in this industry falls on a spectrum from ethical to legal to illicit to illegal. Is there some meeting point between best practices, grey markets and black markets where legitimate advertisers step over the line? Are there other unintended use cases like that -- permissible and legal and quasi-legitimate -- where advertisers benefit from ad fraud?
Naumann: Yes, because the incentive structures are what makes fraud happen. And there are very different kinds of fraud. And not all of them are like the black-hat hackers that sit in a dimly lit room running a bot net. There’s a great variation, and some of them are legitimate businesses that are trying to diversify their revenue stream and it actually gets through, because all the intermediaries between the actual fraudster and the advertiser are paying for it, so an advertiser might have an incentive to -- not become actively fraudulent -- but at least not look too hard for it, right?
I mean, if you get 5% from all the traffic running through your system, and you are the one that cleans house, then you’re the one that looks bad, because you’re the one getting the least amount of reach for the highest price. To put it in a nutshell, fraudsters are trying to convince the market that the attention and engagement of legitimate human beings is an unlimited commodity that can be had at a very low price, which is not true.
That is the fallacy. The attention of a human being, especially for advertising, is extremely limited. If you really want to grab the attention of a person who is an extremely rare commodity, it’s going to be expensive.
So anything offering 10x the amount of attention for a tenth of the price is not a real deal. And that is something the entire ecosystem doesn’t want to confess to. I mean, I read about a branding campaign that ran in the U.S. only, and it got 7 billion impressions in a week. How is that possible? And how is that a point of pride? You should be concerned about those numbers, but people aren’t.
Mobile Insider: I’d love to drill into that more, but we are out of time, so let me ask you one final question: Why is the mobile medium the biggest vector for advertising fraud?
Naumann: Because it’s accessible. And you don’t need to have a laptop or a desktop. I mean, people are still afraid of computers, but they all use their phone. So mobile, I think, is a computer in your pocket.