How to fight mobile app spoofing

Thwarting ad fraud tactics on desktop is daunting enough, but tackling fraudsters’ moves in the mobile world is now a significant concern as new threats surface daily. 

Beyond domain spoofing, one of the most vexing problems brand marketers need to take a careful look at is fraud in the mobile universe, specifically, fraud in the in-app world – an area that is little understood by most brand marketers. 

Mobile app spoofing occurs when the app on which the ad impressions is generated is misrepresented. But instead of sending a fake URL as is the case with domain spoofing, the app sends a fake bundled ID, which is the identifier of the app.

The bundled ID allows the fraudulent app to disguise itself as a premium app. In this way, mobile app spoofing behaves much like domain spoofing which allows fake or brand unsafe sites to disguise themselves premium domains.

Beyond bundled ID spoofing, fraudsters are using increasingly nefarious and sophisticated tactics to misrepresent inventory in other ways. Specifically, location and device ID spoofing.

Location spoofing occurs when a bad actor sends fake GPS data to advertisers, often to garner higher CPMs and simulate highly targeted ad inventory. Device ID spoofing allows fraudsters to send fake device data to advertisers (the identifier for a phone), with the goal typically being hiding fraudulent activity in “noise”. 

Powerful algorithms to detect and cripple fraudsters are available to thwart mobile app spoofing but brand marketers need to be aware that mobile app spoofing is a problem in the first place. Brand marketers are allocating more budget to apps because they know consumers are spending more time with their mobile devices–and brands want to be wherever consumers are. 

According to the Internet Advertising Revenue Report from PwC and the IAB, ad revenue in digital grew to $72.5bn (£54.7bn) in 2016 with mobile ads accounting for more than 50% or $36.6bn of that spending.

Unfortunately, fraudsters have figured this out, and are busy infecting the mobile world. They know that mobile inventory fetches a higher cost per thousand or CPM, and in-app inventory is more appealing to brand marketers.

Here are three points to keep in mind where mobile app spoofing is concerned:

1. When advertising in-app, be vigilant against bundle ID spoofing. Identify partners with deep expertise in detecting the state-of-the-art methods that fraudsters use in the in-app world to evaluate the players on your media plan over time
2. Don’t focus only on detection, but proactively pursue prevention, especially through pre-bid verification filters.
3. Buyers should develop a relationship with their media sources. Ask media sources what they’re doing to limit fraud within their inventory. Make sure that they’re taking a proactive role in keeping fraud levels under control.

 Amit Joshi is director of product and data science at Forensiq