Mobile Ad Fraud Cost Marketers Nearly $1B Annually, Study Finds
A new type of ad fraud called mobile device hijacking could cost advertisers more than $857 million this year, according to a study from the ad fraud detection firm Forensiq. The fraudulent ads are served in the background after mobile device users download seemingly innocuous apps and games and grant permissions that enable those apps to hijack their devices to deliver fraudulent ads.
Unlike botnets that are also responsible for large volumes of online ad fraud, the mobile device hijackers are enabled, albeit unintentionally, by users who approve permissions they believe they need to run the apps they've just downloaded. Instead, those permissions allow hijacker apps to begin loading hidden ads without the users' knowledge, often as soon as their devices are booted up, rather than just when they launch apps.
In addition to costing millions to legitimate mobile advertisers whose ads are being delivered "invisibly" and never seen or clicked by human users, mobile device hijacking also creates trouble for individual users. By running unseen in the background on mobile devices, these apps consume large amounts of battery power and data bandwidth.
Surprising Volume of 'Blatant' Fraud
We spoke with Mike Andrews, chief scientist at Forensiq, to learn more about the study's findings. He said the volume of fraudulent ads being served by such apps, as well as "the fact that it's so blatant," was surprising. Also surprising was that the fraud involved the serving of ads that are invisible to humans for "literally hundreds of recognizable brands," including Microsoft, Unilever, Amazon and Mercedes-Benz.
Forensiq conducted the study over the course of 10 days, checking for signs of fraudulent ad activity via suspicious apps on more than 12 million smartphones, tablets and emulated devices running Android, iOS and Windows operating systems. It found that around 1 percent of devices in the U.S., and 2 percent to 3 percent of those in Europe and Asia, were hijacked by apps committing ad fraud.
"Consumers trust what they are getting: mobile apps exist in an official app store, may receive many positive reviews, and provide entertainment or utility," the study noted. "What we found is that apps can also serve an illicit purpose, harming both advertisers and consumers."
Check Permissions Carefully
Forensiq's findings reinforce those reported earlier this year by researchers in Europe. Those researchers found that a number of Android apps available for download on Google's Play Store connect users -- without their knowledge -- to advertising sites, tracking Web sites and suspicious malware.
People concerned about possible mobile app hijacking should be "vigilant in general and very careful about what you're signing into," Andrews said. Rather than blindly clicking approval for requested permissions after downloading apps, for example, users should be sure to check what types of permissions the apps are seeking.
For example, "Why does a game need to run as soon as a device boots up?" Seeing such a request might raise a red flag after users download new apps, he said. Reading the reviews for apps before downloading can also point to potentially troublesome apps, Andrews said. Frequent complaints about fast battery draining or high data consumption, for instance, could indicate unwanted activity going on behind the scenes in apps.