What Brand Marketers Need to Know about Mobile Ad Fraud

Mobile is increasingly seen as the next frontier for bad actors

The IAB’s incoming chairman says, ‘We have to make measurement make sense.’ Getty Images

Ad fraud remains a pernicious problem for marketers and the entire digital advertising ecosystem despite several worthy industry initiatives looking at tactics to address it. Recently, the issue prompted Google to issue refunds on its fees to advertisers whose ads reached bots rather than humans. And ad fraud is costly—estimates hover anywhere from $7.2 billion to$16.4 billion.

Now, fraud has seeped into the mobile universe where it threatens the estimated $5.7 billion app-install advertising business in the U.S. Mobile can be a particularly challenging environment in which to track fraud as tools that are used for the desktop aren’t necessarily applicable to mobile devices. At this point, mobile fraud is something of a Wild West with plenty of runway for fraudsters to wreak havoc. Fraudsters are increasingly going after mobile as app-install revenues and mobile marketing continue to grow.

As fraudsters’ methods become more sophisticated, antiquated approaches to detect install (conversion) fraud, such as checking for virtual machines or emulators, are limited because fraudsters are now using tactics like install farms. Similarly, older methods to detect attribution fraud, such as analyzing install rates for anomalies, are ineffective because they’re using techniques like click-injection on Android devices.

While bad actors continue to look for new ways to remain under the radar and undermine the digital ad supply, marketers need to become more informed in order to protect their businesses. Given the staggering amount of money at stake, there’s a surprising lack of understanding about the different kinds of fraud and how they’re generated.

Mobile ad fraud is multiflavored

There are many different types mobile-install fraud ranging from faking app installs using emulated devices (software that runs multiple operating systems on a single computer) to stealing the credit for organic installs, which is referred to as attribution fraud, a method where credit is stolen for organic installs.

Given the staggering amount of money at stake, there’s a surprising lack of understanding about the different kinds of fraud and how they’re generated.

Some advertisers turn a blind eye to mobile-install fraud, because the paid installs for purchased apps, though fake, still boost their App Store rankings on iOS and Android platforms. The reason this boost is important is because a higher ranking on the App Store helps drive real, nonfraudulent installs. Some advertisers may restrict their cost-per-install payments to a purchase an event rather than an install. For example, a travel service paying out on the value of the first hotel booked, rather than an install. While one of the motivations for doing so can be to limit install fraud, the stricter standards also limit the volume and reach a brand would otherwise be able to generate.

In the performance advertising arena, marketers pay upon conversion events such as app downloads or purchases. Fraudsters attempt to steal credit for conversions they didn’t drive, thereby gaming attribution. In the case of programmatic fraud, advertisers pay on a CPM basis, and mobile bots or mobile device hijacking allow loading as many ads as possible from fraudsters to make money.

Another form of manipulation occurs when mobile device IDs are reset by fraudsters in order to obtain a fee from marketers who assume they are paying for legitimate installs. One study projected this type of fraud accounts for as much as $1.3 billion, or about half of app-installation fraud. Organized groups use physical “device farms” that hold hundreds, if not thousands, of mobile devices to hide their activity in order to perpetrate ad fraud, while resetting device IDs to simulate legitimate installs.

Some fraudsters have moved beyond device farms to virtual-server farms that seek to emulate devices in the cloud to leverage complex scripts and open proxies to automate app installs. The upshot is that installs may appear as though they’re coming from locations marketers want, as opposed to the farms that are actually generating them.

Here’s how you can get up to speed—monitor everything

So what can you do? First, get serious about fraud education and get up to speed on the different types of fraud with special attention to mobile. Make sure the partners you work with are helping you fill in the gaps. Second, monitor everything—not just KPIs around viewability, but nonhuman traffic levels—and make sure your ads are appearing where you assume they are. Fraud doesn’t take a holiday so you and your team need to remain vigilant and monitor.

Brand marketers need to take a firm stand against fraud by adopting a zero-tolerance policy and building on the clarion call that Marc Pritchard, P&G chief brand officer, issued earlier this year. After all, marketers’ budgets are taking a direct hit from fraud and the costs continue to mount.

With marketers’ leadership, all industry stakeholders can come together in a meaningful way—brands, agencies, networks, exchanges and others—to say they won’t tolerate fraud in any part of the supply chain, blacklist bad actors and work together on shared solutions.

David Sendroff (@davidsendroff) is CEO of Forensiq, a leading fraud detection platform provider.