Opticks Security CEO Eduardo Aznar looks at the current state of mobile ad fraud.

Our latest report has revealed the extent to which fraudsters are using apps and bad bots to drive huge amounts of fraudulent traffic to mobile marketing campaigns in attempts to drain advertising budgets.

The Opticks 2020 Annual Ad Fraud Report, which draws on data taken from over 466bn site visits in over 200 global territories, exposes how fraudsters are employing low-risk, high-return mobile ad fraud techniques to bypass required advertising funnels to steal funds.

The report found that fraudsters are executing mobile ad fraud via two predominant methods. The first is app masking, whereby fraudsters fake app package names to hide their nefarious actions, which in turn dupes marketers into thinking they are legitimate apps. The second method is the generation of traffic from suspicious apps outside of the Google Play Store. These apps have either been banned from the Play Store for advertising non-compliance, or have never formally joined the Play Store.

In terms of mobile ad fraud and specific browsers, the report found that mobile ad fraud is prevalent in all browsers. However, it also demonstrated that fraudsters are more able to mask fraud within browsers that have smaller market shares or proprietary browsers that are only available for certain devices (such as Huawei Browser, Oppo Browser, etc). On the other hand, within browsers that have more extended usage or closed environments (such as in Android apps), mobile ad fraud becomes harder to execute, since they traditionally offer more security and present fewer vulnerabilities to end users.

Ad fraud localization
The report also explores the localization of ad fraud, and breaks down the data to show the incidences of ad fraud by type, continent, and on a country-by-country basis. Speaking of how geolocation is a significant factor directing fraudsters’ strategies, Opticks Software Engineer Marc Rubi says: “Most browsers outside Chrome/Chrome Mobile have their main market share in certain locations. For example, Opera and other data-saving browsers are strong in Africa and India. Browsers like Oppo and Realme have a strong presence in South-east Asia, while other brand-owned browsers, such as Huawei and MIUI Browser, are more global. Safari has strong markets in Europe, the Middle-East, and the US.”

As some of the less popular browsers are used in locations such as Africa, India, and South-east Asia, fraudsters are able to successfully target these locations more easily. 

Since mobile malware is so insidious, we have also curated our own benchmark of the top apps or app package names (APKs) performing fraudulent actions. Listed in the table below are the top five fraudulent Android Packages (APKs) found:

Speaking of the most insidious types of mobile ad fraud, Rubia says: “Invisible ads are one of the most devious forms of mobile ad fraud. Fraudsters use applications or websites to load huge amounts of ads in the background or off screen. Not only does this affect end users (wasted battery charge, for example), it also consumes technical resources (infrastructure, execution, and processing time), and marketing resources (budget and optimization efforts). Usually, invisible ads are easy to detect, but when left undetected, it can be pretty damaging for everyone.”

Skewed campaign data
With digital advertising budgets on the rise, marketers need to stay on top of the threats that mobile ad fraud poses to their efforts. Not only can fraudsters drain campaign budgets, but skewed campaign data leaves marketers unaware of how effective their ad campaigns truly are. Without proper anti-fraud protection, marketers then go on to devise future campaign strategies based on this inaccurate data.

Using a professional anti-fraud solution is key to protecting mobile ad campaigns, budgets, and data. Opticks analyses in-app traffic and keeps track of how fraud affects each package name, both inside or outside of Google’s Play Store, so that marketers can confidently build bigger, better, and safer campaigns.

The report also contains a wealth of data for industry stakeholders to help them better protect themselves against mobile ad fraud, including an analysis of the top 25 countries exposed to ad fraud worldwide, full breakdowns of country-specific ad fraud exposure across each continent, and an in-depth browser-analysis of susceptibility to types of ad fraud. Click here to access the full report.