Mobile ad fraud is in the midst of a period of rampant innovation.
That was the takeaway of a recent report from app marketing firm Adjust, which found that the rate of fake app-installs, clicks, attributions and other mobile scams doubled in the past year alone. The company said around 7.3 percent of the 3.4 billion app-installs and 350 billion interactions it monitored in the first quarter of the year showed evidence of fraud.
Adjust’s ad fraud specialist, Andreas Naumann, said the spike was the result of bad actors creating new ways of tricking marketers, giving those fraudsters a leg up in the constant cat-and-mouse fight.
“2017 was the year of innovation and evolution for fraudsters,” Naumann said. “A lot has happened.”
Much of that innovation involves a method of faking app installs called SDK spoofing, in which hackers are able to make it appear as if a download has taken place by breaking into the communication line between developer-side analytics tools and back-end servers. This type of fraud is harder to spot than conventional methods of faking installs because it traces back to real users rather than imaginary ones.
Adjust says SDK spoofing made up about 37 percent of the fraud it found, while click injection accounted for 27 percent, other fake installs 20 percent and click spam 16 percent. In some cases, SDK spoofing ate up as much as 80 percent of a single campaign’s budget. The app categories hardest hit by SDK spoofing are gaming (29 percent), ecommerce (27 percent) and food and drink (17 percent).
Click injection, a scheme in which fraudsters steal credit for app-installs by remotely hijacking a user’s device and clicking an ad immediately after an app is downloaded, has also reached new levels of sophistication, according to Naumann.
This type of fraud, which relies on signals sent between Android apps when a new one is installed, was previously relatively easy to identify. But Naumann said hackers have more recently discovered ways to time the process in such a way that it leaves a less noticeable trace.
Christopher Farm, co-founder and CEO of mobile marketing firm Tenjin, said fraud tends to be concentrated in more opaque open exchanges. Most of it can be avoided by sticking to smaller private networks that more strictly vet the parties involved. But the problem comes when marketers face pressure to hit sky-high download or engagement targets on a limited budget, he says.
“Once the ability to grow through a specific channel starts to max out, then they might find other ways to grow, and that’s when they start to run into these more fraudulent places,” Farm said. “Let’s say there are 10 premium networks. You are an app developer and you want to get a bunch of installs. Ten networks will definitely suffice for the period of time that you’re growing as a small company… But at some point, you’re going to cap yourself off.”
This scramble gives rise to an environment in which every actor in the ads supply chain except for the companies footing the bills might have an incentive to overlook fraud to keep up the illusion of big numbers. Naumann claims that’s allowed fraudsters to pump their sizeable profits into developing new ways to defraud the system.
“I would say that the fraudsters have earned so much money in the past years—like ridiculous amounts—because nobody took any notice when they found out it was going down,” Naumann said. “They can actually invest tons of money into talent and buying good solutions for the things they want to do.”
Meanwhile, the ever-growing rate of fraud may be starting to take a toll on the industry’s overall growth, according to Maor Sadra, CRO at mobile marketing firm AppLift.
“This is—I think correctly—definitely the number one high-profile topic, which is probably, maybe, slowing down the progression of the industry,” Sadra said. “If I were a triple-A brand, I would be hesitant to go into mobile advertising right now.”
But growth in fraud isn’t likely to let up anytime soon, marketers and researchers say. Sadra says its next big frontier is artificial intelligence, through which scammers can create a more realistic simulation of human traffic with none of the distinguishable patterns on which researchers rely to root out fishy behavior.
“Click spam has been big since I started in the industry,” Naumann said. “I’ve been fighting it for 10 years, and I have lost every round.”