Welcome to Pixalate’s CTV Ad Fraud Series, where we highlight unique forms of invalid traffic (IVT) — known as ad fraud — across the Connected TV (CTV) programmatic advertising marketplace.
Up first: A close look at “app spoofing” in CTV.
App spoofing — which is also referred to as app misrepresentation or app laundering — occurs when one app masquerades as another app. For example, an advertiser might think they are buying a premium spot on the PBS app, but in truth the ad appeared on a lesser-known app. App spoofing was central to several large-scale ad fraud scheme discoveries by Pixalate, including Monarch and DiCaprio in the CTV space.
During Q2 2022, Pixalate measured an app spoofing rate of 3.4% across all open programmatic ad impressions purportedly served on Roku devices and nearly 5% among impressions purportedly served on Amazon Fire TV devices. Below are the top 20 CTV apps with primarily programmatic ads on Roku and Amazon Fire TV that were impacted by app spoofing for the two-week period between July 1-15, 2022:
Click Here to download the list with more details.
App spoofing is a form of IVT in which one app masquerades as another app.
App spoofing can be generated in several ways:
Pixalate detects app spoofing in traffic where the app identifier (e.g., bundle ID) reported in the bid request does not match the characteristics of the app detected directly by Pixalate.
Pixalate is able to detect the true bundle ID, user agent, and other properties of a generated impression using our patented, patent pending and trade secret IVT detection technologies, even when these characteristics may be declared as something else in the bidstream. When Pixalate detects mismatches in this data, the resulting impression is flagged as IVT.
Pixalate holds MRC Accreditation for Sophisticated Invalid Traffic (SIVT) detection and filtration across desktop, mobile web, mobile in-app, and connected TV (CTV) environments, including across (12) distinct server-side-ad-insertion (SSAI) measurement metrics.
Pixalate estimates that in 2022 advertisers will lose over $135 million in the CTV open programmatic marketplace as a result of spoofed Roku and Amazon Fire TV apps. Here are the variables we used to arrived at this estimate:
Pixalate’s Media Ratings Terminal (MRT) enables users to quickly check the breakdown of an app’s detected bundle IDs across Pixalate’s global pool of CTV data. For example, we see many instances of devices declaring in the bidstream to be associated with the bundleID for Bally Sports, but Pixalate detects the true bundle ID as originating from multiple other (including, potentially, non-CTV) apps. Our MRT for CTV allows you to distinguish between spoofed traffic for a misrepresented app (“AppSpoofing” SIVT Type) and other IVT types for the app when its traffic is not misrepresented.
IVT details including App Spoofing for the “Bally Sports” app (as seen in the MRT)
This Pixalate-generated report is limited to Amazon Fire TV and Roku CTV apps that have open programmatic advertising with an app spoofing rate (as measured by Pixalate) that meets a materiality threshold that we utilize. This technique allows us to focus on apps that appear to be significantly affected by app spoofing/misrepresentation in the global ecosystem. This filtered list is then sorted/ranked by the total number of flagged app spoofing impressions measured for each app.
Unlike mobile, the CTV ecosystem is riddled with fragmentation issues, including the standardization/uniformity applied to the naming conventions of app/bundle ID(s). Even though most CTV platforms are starting to coalesce around supporting “app store IDs”, the format and values of bundle IDs passed in bid streams have historically not been very consistent. Pixalate has built technology to correlate the various bundle IDs associated with each CTV app, and in the MRT presents the list along with the “share of voice” of each bundle ID we have mapped. For the report, we have included the top “correlated” bundle IDs for each app in our download, but clients can view more details in the MRT page for the app.
List of commonly seen bundle IDs for the Filmrise FireTV App (as seen in the MRT here)
App spoofing can be mitigated by following certain best practices. For example, enforcing strict (not just a presence check) app-ads.txt and sellers.json validation to ensure that you are working with authorized sellers for the apps on which you are buying inventory. You may also use anti-fraud tools like Pixalate’s MRT and Analytics to better understand your potential exposure to app spoofing, and protect yourself accordingly.
For more information, please visit the CTV App Spoofing article in our knowledge base.
The content of this CTV Ad Fraud Series Report reflects Pixalate’s opinions with respect to the factors that Pixalate believes may be useful to the digital media industry. Pixalate’s opinions are just that, opinions, which means that they are neither facts nor guarantees; and this Report is not intended to impugn the standing or reputation of any entity, person or app, but instead, to report findings and apparent trends pertaining to apps in the Roku and Amazon app stores.
Disclaimer: The content of this page reflects Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry. Any proprietary data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that - opinion, not facts or guarantees.
Per the MRC, “'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other legal proceedings, but rather a custom definition strictly for advertising measurement purposes. Also per the MRC, “‘Invalid Traffic’ is defined generally as traffic that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts. Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.”