Mobile Hijack, Why Apps Aren’t Safe From Fraudsters

Ad fraud receives a lot of attention in the trade press and occasionally rears its ugly head in the national press too. The problem is that committing ad fraud is relatively easy (Mikki Kotila explained how in a recent episode of TraderTalk TV) and the chances of being caught are relatively low, so the fraudsters stay in the game.

The challenge is staying one step ahead. Each time ad technology companies and publishers bring a new ad format or distribution channel to market, fraudsters scrabble around to devise a way to deploy their devious methods and cream off some of the new available revenue. At the same time, ad tech companies and publishers try to anticipate what the fraudsters will do next and put in place mechanisms to detect and block fraud before it even happens.

Speaking exclusively to ExchangeWire, Erol Soyer, managing director – international, at Forensiq discusses how a new type of ad fraud has been uncovered and how advertisers and technology companies can collaborate to reduce fraud and make online a safer place for brands.

Fraud is the unwanted by-product of technological evolution. As each new development alters consumer behaviour, advertisers adapt to meet the needs of their audience – but they are not alone. Where advertising budgets go, fraudsters follow. With smartphones now accounting for nearly eight in ten handsets, mobile advertising is booming and global mobile ad spend is set to account for over $68bn by the end of 2015. So, has the rapid growth of mobile made it vulnerable to fraudulent activity?

To find out, Forensiq conducted a study to explore the ways in which brands can be defrauded through mobile advertising. What we discovered was a new type of ad fraud that is quietly but successfully infiltrating mobile devices via thousands of applications and costing the industry millions. 'Mobile device hijacking' is here and apps are no longer safe from the clutches of fraudsters.

Uncovering a web of hidden ad fraud

The study began with the identification of fraudulent apps. Forensiq tracked real-time data via algorithms built to recognise suspicious, non-human traffic. The analysis detected over 5,000 applications exhibiting the rapid ad-loading and background functions consistent with fraudulent activity. Over the course of ten days, apps identified as high-risk were observed across 12 million unique devices.

To monitor the activity, high-risk apps were downloaded using an Android emulator and physical Apple devices from trusted app stores, and each app was analysed individually to produce accurate, unbiased results. By observing the traffic going to and from the devices, it became clear that high-risk apps were serving mobile ads at a rate that far exceeded what was visually apparent. Delving deeper, app behaviour was observed while running in the background, when the device was restarted and when the user manually exited the app, to create a comprehensive picture of app behaviour in every scenario.

The high cost of hijacking and wide reach of hijacking

Findings showed that mobile device hijacking is operating at astonishing speed and on a vast scale. Affecting 13% of global in-app pre-bid advertising inventory, invisible ads are costing advertisers an estimated $857m each year – an expense that is likely to increase as hijacking becomes more sophisticated. With its capacity to exploit the current limitations of mobile advertising protection, it is predicted that the price of mobile device hijacking will reach $1bn globally in 2015.

At their present level of development, high-risk apps serve ads at a rate as high as 20 ads per minute, in comparison to normal ads, which refresh ads every 30-120 seconds. Even when not in use, the apps run constantly, serving thousands of invisible ads to each device, every day. Despite rigorous approval processes, these apps have made their way into the Google and Apple stores consumers know and trust, and are therefore used frequently.

When a typical malicious app can consume 2GB of data per day, including pictures and video, consumers are placed at equal risk of being defrauded. Not only do downloads drain battery life and make crashes more frequent, they also consume user’s data allowance at a rapid rate. Pushing past pre-paid limits, the voracious consumption of mobile data forces users to pay higher rates for exceeding their allocated data package.

As mobile usage overtakes desktop, advertisers will continue to develop new technologies to access consumers and fraudsters will never be far behind. It’s a perpetual arms race that can only be fought with vigilance and most importantly —information. The more data that can be gathered about the activities and techniques of fraudsters, the better equipped the advertising industry will be to stop fraud.

However, winning the battle will require greater collaboration across the advertising industry. By working together to raise awareness of new fraud tactics and implement best practices to guard against them, industry bodies and advertisers can make the digital space a safer place for everyone.

To see a video of 'Mobile Device Hijacking' in action and to get more information about the study, visit the link here.