<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=134132097137679&amp;ev=PageView&amp;noscript=1">

CTV Ad Fraud Series: App ‘Spoofing’ could cost advertisers $135MM in 2022 on apps appearing to be on Roku & Amazon Fire TV devices - PBS, Telemundo, NBC Sports biggest victims at 75%+ in July 2022

Amit Shetty
Aug 9, 2022 8:00:00 AM

Welcome to Pixalate’s CTV Ad Fraud Series, where we highlight unique forms of invalid traffic (IVT) — known as ad fraud — across the Connected TV (CTV) programmatic advertising marketplace.

Up first: A close look at “app spoofing” in CTV.

App spoofing — which is also referred to as app misrepresentation or app laundering — occurs when one app masquerades as another app. For example, an advertiser might think they are buying a premium spot on the PBS app, but in truth the ad appeared on a lesser-known app. App spoofing was central to several large-scale ad fraud scheme discoveries by Pixalate, including Monarch and DiCaprio in the CTV space.

See The Apps Spoofed Most Often

July 2022 - Top 20 Spoofed CTV Apps on Roku and Amazon Fire TV

During Q2 2022, Pixalate measured an app spoofing rate of 3.4% across all open programmatic ad impressions purportedly served on Roku devices and nearly 5% among impressions purportedly served on Amazon Fire TV devices. Below are the top 20 CTV apps with primarily programmatic ads on Roku and Amazon Fire TV that were impacted by app spoofing for the two-week period between July 1-15, 2022:

 Click Here to download the list with more details.

See The Apps Spoofed Most Often

FAQs: Ad Fraud in Connected TV (CTV)

What is CTV app spoofing?

App spoofing is a form of IVT in which one app masquerades as another app.

App spoofing can be generated in several ways:

  • Real devices used as a botnet;
  • Real devices unaware of spoofing happening in the background; or
  • Artificial impressions generated by fake devices.

For a deeper dive, check out our blog on app laundering or our knowledge base.

How does Pixalate measure app spoofing?

Pixalate detects app spoofing in traffic where the app identifier (e.g., bundle ID) reported in the bid request does not match the characteristics of the app detected directly by Pixalate. 

Pixalate is able to detect the true bundle ID, user agent, and other properties of a generated impression using our patented, patent pending and trade secret IVT detection technologies, even when these characteristics may be declared as something else in the bidstream. When Pixalate detects mismatches in this data, the resulting impression is flagged as IVT.

Pixalate holds MRC Accreditation for Sophisticated Invalid Traffic (SIVT) detection and filtration across desktop, mobile web, mobile in-app, and connected TV (CTV) environments, including across (12) distinct server-side-ad-insertion (SSAI) measurement metrics.

How much money is lost to CTV app spoofing?

Pixalate estimates that in 2022 advertisers will lose over $135 million in the CTV open programmatic marketplace as a result of spoofed Roku and Amazon Fire TV apps. Here are the variables we used to arrived at this estimate:

  • The IAB projects that $21.2 billion will be spent on CTV in 2022 (Adweek).
  • Upfronts account for 30% of CTV ad spend (eMarketer)
  • About 50% of programmatic CTV is done via private marketplaces or closed channels, while the remaining 50% is done via open exchanges (Simplifi; note this could vary from platform to platform)
  • Roku and Amazon Fire TV devices accounted for a combined 55% open programmatic market share in North America in July 2022 (Pixalate)
  • CTV app spoofing rate for apparent Roku and Amazon Fire TV apps was 3.4% in Q2 2022, according to Pixalate

Where can I find more information about spoofed app traffic and other IVT concerns?

Pixalate’s Media Ratings Terminal (MRT) enables users to quickly check the breakdown of an app’s detected bundle IDs across Pixalate’s global pool of CTV data. For example, we see many instances of devices declaring in the bidstream to be associated with the bundleID for Bally Sports, but Pixalate detects the true bundle ID as originating from multiple other (including, potentially, non-CTV) apps. Our MRT for CTV allows you to distinguish between spoofed traffic for a misrepresented app (“AppSpoofing” SIVT Type) and other IVT types for the app when its traffic is not misrepresented.

IVT details including App Spoofing for the “Bally Sports” app (as seen in the MRT)

What was the criteria for the data in this report?

This Pixalate-generated report is limited to Amazon Fire TV and Roku CTV apps that have open programmatic advertising with an app spoofing rate (as measured by Pixalate) that meets a materiality threshold that we utilize. This technique allows us to focus on apps that appear to be significantly affected by app spoofing/misrepresentation in the global ecosystem. This filtered list is then sorted/ranked by the total number of flagged app spoofing impressions measured for each app.

What is the “Commonly-Used Bundle IDs” list in the report?

Unlike mobile, the CTV ecosystem is riddled with fragmentation issues, including the standardization/uniformity applied to the naming conventions of app/bundle ID(s). Even though most CTV platforms are starting to coalesce around supporting “app store IDs”, the format and values of bundle IDs passed in bid streams have historically not been very consistent. Pixalate has built technology to correlate the various bundle IDs associated with each CTV app, and in the MRT presents the list along with the “share of voice” of each bundle ID we have mapped. For the report, we have included the top  “correlated” bundle IDs for each app in our download, but clients can view more details in the MRT page for the app.

List of commonly seen bundle IDs for the Filmrise FireTV App (as seen in the MRT here)

How can I avoid app spoofing on CTV apps?

App spoofing can be mitigated by following certain best practices. For example, enforcing strict (not just a presence check) app-ads.txt and sellers.json validation to ensure that you are working with authorized sellers for the apps on which you are buying inventory. You may also use anti-fraud tools like Pixalate’s MRT and Analytics to better understand your potential exposure to app spoofing, and protect yourself accordingly. 

For more information, please visit the CTV App Spoofing article in our knowledge base.


The content of this CTV Ad Fraud Series Report reflects Pixalate’s opinions with respect to the factors that Pixalate believes may be useful to the digital media industry. Pixalate’s opinions are just that, opinions, which means that they are neither facts nor guarantees; and this Report is not intended to impugn the standing or reputation of any entity, person or app, but instead, to report findings and apparent trends pertaining to apps in the Roku and Amazon app stores.

Search Blog

Follow Pixalate

Subscribe to our blog

*By entering your email address and clicking Subscribe, you are agreeing to our Terms of Use and Privacy Policy.

Subscribe to our blog

*By entering your email address and clicking Subscribe, you are agreeing to our Terms of Use and Privacy Policy.