Mobile tracking and marketing firm AppsFlyer said in a new study that mobile app marketers were exposed to $700 million to $800 million in ad fraud in the first quarter of 2018, up 30 percent compared to the quarterly average for 2017.
Shopping, gaming, finance, and travel apps are the hardest hit. The share of fraudulent app installs has grown by 15 percent, tainting 11.5 percent of all marketing-driven installs. Today, AppsFlyer launched a new annual initiative it calls #FoolsNoMore. The initiative includes a series of educational resources for marketers (including this report) that the company hopes will increase fraud awareness.
The company said that fraud comes in waves.
“When new protective measures are introduced, fraudsters adapt, which leads to new measures, and the cycle continues,” AppsFlyer said. “Fraud has become a high stakes arms race, as both sides are becoming increasingly sophisticated.”
AppsFlyer said that bots are now the most dangerous threat.
“In September, we saw new kinds of bots emerge. By February, bots replaced device farms as the most popular form of attack — responsible for over 30 percent of fraudulent installs,” the company said.
Many apps are exposed, and fraud is not just about a few large apps targeted by advanced attacks. In fact, AppsFlyer found that 22 percent of apps have over 10 percent fraudulent installs, while no less than 12 percent are significantly exposed, with at least 30 percent fraudulent installs.
Shopping apps, with their high costs per install (CPI) and huge scale are the most heavily hit sector, with $275 million exposed in the first quarter of 2018.
Android is more vulnerable to fraud, but iOS is also a target. With greater difficulty perpetrating device fraud on iOS, fraudsters resort mainly to click flood techniques, where iOS is well ahead of Android.
In click flooding, fraudsters send a “flood” of false click reports from, or on behalf of, real devices. When the actual device downloads the app, the sub-publisher is falsely credited with the install.
In all other types of fraud, Android rates are much higher. AppsFlyer found that fraud targeting mobile app marketers is evolving faster than ever. What once took fraudsters six months to develop can now take weeks or even days.
“The bad guys have gotten smarter, adapting much faster to anti-fraud measures,” the report said. “What’s more, we see a significant increase in the rate of fraud and level of financial exposure.”
Phil Crosby, chief product officer at Liftoff, said in a statement, “When it comes to mobile fraud, no advertiser, app exchange, or network is immune, the company said. This includes the largest, most trusted suppliers. Everyone in the industry is dealing with click spam, hyperactive devices, and other forms of fraud. Rather than blacklisting large groups of apps or entire networks, and potentially damaging the broader ecosystem, advertisers are better served to identify fraudulent bid requests upfront, before spending a dime, and avoid bidding on these fake bid requests in the first place. This approach alone would save advertisers billions of dollars in wasted marketing budget, which can be better spent marketing to real users.”
AppsFlyer launched its Protect360 platform in the fall, and that drove fraudsters to change their install patterns and invest in new forms of attack, such as click floods.
The U.S. tops the financial exposure list because of both high payouts and massive scale, even though the fraud rate in the U.S. is still lower than the global average. Overall, AppsFlyer found that the fraud rate in the U.S. has increased by 30 percent compared to its previous study.
When it comes to gaming, AppsFlyer found the sector had the highest number of fraudulent installs from click flood attacks, the second-highest number of fraudulent installs from install hijacking attacks, and was No. 5 in highest number of fraudulent installs from bot attacks.
You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here