App-ads.txt Rolls Out to Fight Mobile Ad Fraud, but Will Brands and Publishers Embrace It?

On Wednesday, the Interactive Advertising Bureau Tech Lab—the consortium behind the initial fraud-busting ads.txt toolkit—announced the final version of app-ads.txt was ready for release. This new initiative, meant to combat ad-savvy fraudsters working in the mobile space, allows ad buyers to ensure they’re buying legitimate product, but first brands and app stores must play ball and embrace the tool.

Here’s how it works: A premium app publisher—say, The New York Times—can list off the select ad-tech vendors authorized to sell or resell its personal ad stock. Then, someone buying ad space on a Times-branded-app can look over these lists over to ensure the inventory they’re buying through programmatic channels actually comes from the Times itself, rather than a scammer masquerading as that particular brand.

This “domain spoofing” hack is just one of the dozens of ad scams that bleed mountains of cash from mobile advertisers every year. Mobile ad spend hit an all-time high of $76.17 billion last year, according to eMarketer’s estimates, easily outspending ad spend in television, radio or print.

Meanwhile, Juniper Research estimated that those same advertisers would put $19 billion of those dollars into fraudster’s pockets annually. Even if they eventually get caught, millions of mobile-users are still unwittingly downloading fraud-filled apps every day.

The app-ads.txt rollout should curb some of these scams—assuming brands take the time to set up shop correctly. “We saw with ads.txt that implementation didn’t happen overnight,” said Barry Adams, the general manager at BidSwitch. “And in some cases, there were publishers that made sloppy mistakes, and others were frankly greedy, and just put the names [of any ad tech vendor] on file. Hopefully they learn from their mistakes this time.”

The IAB Tech Lab is pushing publishers to link to their newly-minted app-ads.txt files on their web domains, and is also pushing app stores to include links to said domains through the app listings.

Pushing app stores will arguably be the hardest part, according to Isaac Schechtman, director of sales engineering at BidSwitch. Right now, the only app store compliant with these new regulations is Google Play, which controls apps for Google’s Android products. Neither Apple nor Amazon have opened their stores to let perspective buyers “crawl”—or manually inspect—an app’s particular ads.txt file for fraudulent activity straight from the app store.

Schechtman estimated that a few hundred apps—a fraction of the store’s 2.6 million—have created their own ads.txt files, and with the the spec officially out in the wild, “hopefully adoption will start picking up relatively quickly.” Until Amazon, Apple and others open their data to public crawling, he said, those seeking to adopt ads.txt in those spaces need to rely on third-party services.

“It’s not surprising,” he added. “Since day one, Apple has been very open and forward about the limiting of access to their user’s information and their entities—and that includes the app stores.”

Without the incentive of the majority of publishers using its app store, he added, the tech giant has no incentive to formally adopt app-ads.txt in-house.

“They don’t mind if you want to jump through those hoops to get that data,” he said, “but they’re not going to enable a doorway in their wall to help you with it.”

Apple declined to comment about their future plans for implementing app-ads.txt.