Mobile ad fraud: Are you really reaching your audience?
MARKETING and advertising are important for boosting business. However, are you sure your ads are reaching the right customers?
Mobile ad fraud is growing and evolving. Every year, it is estimated to costs marketers up to US$2.6 billion. This number is rising, and the attacks hit all kinds of applications and platforms.
AppsFlyer released its findings on The State of Mobile Fraud for Q1 2018. They found 30 percent more fraud in this quarter, compared to the previous year. In 2018 alone, fraud has already cost advertisers US$700-$800 million worldwide, and we’re only in March.
Normally attackers exploit weaknesses in mobile advertising technology, to deceive advertisers, publishers, or supply partners. Usually, the objective is to steal from advertising budgets.
The study showed that in Asia, fraud rate is much higher than the global average. Singapore was hit the hardest by fraud, with as much as 27 percent of installs being noted to be fraudulent.
Shopping apps are favorites for fraudsters, costing the industry $275 million this quarter. That is followed by gaming, finance and travel apps. This is not surprising, given that these apps that have higher CPIs (Consumer Price Index), or a huge scale of operations.
Attackers tend to favor these kinds of platforms because the payout is higher. For apps with high CPIs, the consumers on it tend to have higher buying powers. Whereas for apps such as gaming, the scale is huge; thus, small payouts add up quickly.
On average, out of 1000 apps that were installed via an ad campaign, 115 of them are fraudulent. That is more than 10 percent and these instances continue to grow.
The attacks also do not discriminate based on the platform. Although Android OS is more vulnerable to attacks, iOS is a lucrative target and remains vulnerable to particular types of attacks.
There are four main types of fraud: click flooding, install hijacking, device farming, and bots.
Click flooding is when a “flood” of false clicks reports are sent on behalf of real devices. When the device downloads the app, however, the attacker’s publisher is falsely credited instead.
Install hijacking is when a genuine user downloads the app, but an attacker “hijacks” by sending a false click report and injects false referrer data.
Device farming takes advantage of a lot of devices making actual clicks, downloads, and interactions with the app. The device IDs then get reset, to perform the tasks again. These are mostly for instances where the advertiser gives incentives from their ads.
Bots are malicious codes that simulate an ad click. Bots send clicks, installs, and in-app events for installs that never occurred. This is currently the biggest threat, replacing device farms.
The challenge for many of the marketers is that fraudster’s improving ability to mimic legitimate traffic. New measures are constantly needed, to keep up with the evolving types of fraudulent activities.
Regular updates on SDKs (Software Development Kit) are important to keep your business protected. Businesses should also take note of any discrepancies in data, such as App Store numbers and your reporting platform, or changes in conversion rates.