Mobile Display Fraud
is Rampant Beyond Belief
Augustine Fou, PhD.
acfou [at] mktsci.com
212. 203 .7239
June 2018 / Page 1marketing.scienceconsulting group, inc.
Mobile is 57% of digital spend
Source: IAB Full-year 2017 Digital Advertising Report
June 2018 / Page 2marketing.scienceconsulting group, inc.
"Fraud in mobile advertising is more tricky than just fake
impressions, clicks, or installs. App advertisers can check
when a user actually takes an action with their app after
install to check legitimacy. The issue becomes which ad-
network supplier gets credit for delivering that install. So
attribution fraud is the major concern: where advertisers
pay ad-networks, based on attribution vendor reporting, for
installs that happened organically or by different marketing
methods." -- Shailin Dhar, Method Media Intelligence
June 2018 / Page 3marketing.scienceconsulting group, inc.
Main forms of mobile fraud
Install FraudImpression Fraud
“fake devices installing legit
apps, get paid on CPI”
“fake or fraud apps load
display ads, get paid CPM”
Mobile display spend $25B (2017)
Source: eMarketer, April 2017
App install spend $6B (2017E)
Source: BusinessInsider, June 2016
June 2018 / Page 5marketing.scienceconsulting group, inc.
Which is easiest for bad guys?
Fake Apps on
Adware SDK in
Wait until unsuspecting
downloads malware on
real mobile devices
Wait until app developers
install SDK into their real
apps and humans to
download and use apps.
No limits - apps are easily
cloned, and mobile
emulators are easily
“spun up” in data centers
June 2018 / Page 6marketing.scienceconsulting group, inc.
Half of humans download 0 apps/mo
June 2018 / Page 7marketing.scienceconsulting group, inc.
Apps’ primary revenue is ads
June 2018 / Page 8marketing.scienceconsulting group, inc.
75% mobile revenue from games
June 2018 / Page 9marketing.scienceconsulting group, inc.
Top mobile apps by ad revenue
Top mobile apps
by ad revenue
spend the most
June 2018 / Page 10marketing.scienceconsulting group, inc.
Massive, scalable display fraud
• 40 bad apps to load ads
• 36 million fake devices to load
bad apps that load display ads
• e.g. 30 ads per device /minute
• 30 ads per minute = 1 billion
fraud impressions per minute
• 250 million infected computers
• primary use = traffic for ad fraud
• 4 ads /pageview (2s load time)
• fraudulent impressions at the
rate of 30 billion per minute
Source: Forbes, May 2017 Source: Checkpoint
June 2018 / Page 11marketing.scienceconsulting group, inc.
(2015) Apps doing ad fraud
Source: BusinessInsider, July 2015
“A user downloads an app
from the official app store
— which may look
legitimate and have
hundreds of positive reviews
— which then runs in the
hundreds of ads at a rate as
high as 20 ads per minute”
Known and documented
for years – now mobile is
majority of digital spend
June 2018 / Page 12marketing.scienceconsulting group, inc.
(2017) Handful of bad apps
1 (52% of impressions) 2 (48% of impr)
66% avg fraud
18% avg fraud
1. 9% of the apps caused 52% of impressions; 66% outright fraud
2. Remaining 91% of apps caused 48% of impressions, 18% outright fraud
• 1 billion mobile display impressions
• Nearly 1,000 apps cross referenced with SDK
June 2018 / Page 13marketing.scienceconsulting group, inc.
Fraud apps load impressions
Source: ImpScore.io - https://www.youtube.com/watch?v=w-i-ue8fPCc
“fake apps or fraud apps (real apps that misbehave) continuously
load display ad impressions in the background, inflate revenue”
June 2018 / Page 14marketing.scienceconsulting group, inc.
App cloning, free adware SDKs
Apps are cloned
thousands of times;
some didn’t even
bother to change
the colors or cover
Bad guys accidentally
cloned apps that
already had detection
SDK in it – from 312, to
750, to 1,330 copies.
Source: CNBC, Aug 2017
June 2018 / Page 15marketing.scienceconsulting group, inc.
Fake apps from real campaigns
June 2018 / Page 16marketing.scienceconsulting group, inc.
“Naked Ad Calls” (load ad, not page)
Why load the entire webpage when you can just
load the ad (save bandwidth) and get paid?
Pass fake data
via query strings
June 2018 / Page 17marketing.scienceconsulting group, inc.
Apps load webpages
“fraud apps sell traffic; use hidden webview browser to load pages”
June 2018 / Page 18marketing.scienceconsulting group, inc.
Fake app traffic – real dataRepeatedly load webpages (e.g. galleries) in sequence or random
June 2018 / Page 19marketing.scienceconsulting group, inc.
Apps load webpages, disguise
“fraud sites’ traffic from apps that also pass fake HTTP headers”
June 2018 / Page 20marketing.scienceconsulting group, inc.
Fake devices (mobile simulators)
Download and Install Apps
Launch and Interact
June 2018 / Page 21marketing.scienceconsulting group, inc.
Fake mobile devices – real data
Repeated hits by same device/browser, same ip address
June 2018 / Page 22marketing.scienceconsulting group, inc.
Fake devices pass fake location
Houston, TX Bozeman, MT
Fake devices declare fake locations to absorb higher ad spend
June 2018 / Page 23marketing.scienceconsulting group, inc.
90-99% of geolocation bad or faked
Source: Placed, Sept 2017
June 2018 / Page 24marketing.scienceconsulting group, inc.
Bad guys trick measurement
SDK Spoofing— code in an app that sends simulated ad
clicks and engagement signals to the attribution provider
… [to] fool an advertiser into paying for fraudulent
Attribution Fraud— code that executes clicks (click
spamming, click injection) so fraudster can claim credit
for downstream conversions.
Detection Tag Blocking— fake or fraudulent apps can
selectively block fraud detection tags or manipulate
June 2018 / Page 25marketing.scienceconsulting group, inc.
Mobile fraud is not caught
IAB: mobile fraud is
June 2018 / Page 26marketing.scienceconsulting group, inc.
Any device with chip/connectivity
used as 400
…can be used as a bot
June 2018 / Page 27marketing.scienceconsulting group, inc.
Economics of botnets explained
Source: MIT Tech Review, May 2018
attacks using a network of 30,000
bots can generate around
$26,000 a month. Spam
advertising with 10,000 bots
generates around $300,000 a
month, and bank fraud with
30,000 bots can generate over
$18 million per month. But the
most profitable undertaking is
click fraud, which generates well
over $20 million a month of
Botnets can be used
for a variety of things
June 2018 / Page 28marketing.scienceconsulting group, inc.
About the Author
Augustine Fou, PhD.
acfou [@] mktsci.com
212. 203 .7239
June 2018 / Page 29marketing.scienceconsulting group, inc.
Dr. Augustine Fou – Independent Ad Fraud Researcher
Published slide decks and posts: