In this post, Pixalate explains mobile app laundering, a type of mobile ad fraud and Sophisticated Invalid Traffic (SIVT) that costs advertisers millions of dollars. The mobile in-app landscape is rife with invalid traffic (IVT), with mobile ad fraud rates nearing 25%. Mobile app laundering is one of the most advanced ways in which fraudsters are stealing mobile app ad budgets.
Mobile Application (App) Laundering is the process by which low-valued or entirely illegitimate inventory in mobile in-app environments is sold to advertisers/agencies under the pretenses that the inventory is being delivered to potentially valid end-users on a legitimate, or series of legitimate, mobile applications.
In other words, the advertiser/agency ad content is delivered to a “laundered” app (as opposed to the legitimate app inventory bid on), or potentially even just to a dark screen or background process.
Monetizing illegitimate inventory through the process of mobile app laundering is predominantly driven by the prevalence of programmatic bidding environments. As these programmatic monetization platforms (e.g., SSPs) rely on a series of ad calls from the respective publisher application, the potential exists to disguise (or obfuscate) the actual final delivery point of the respective ad content.
In the case of mobile app laundering, fraudsters disguise the delivery of ad inventory to unsavory locations while mimicking the delivery of the ad content to legitimate mobile applications, oftentimes through a technique known as ‘mobile application spoofing’ or ‘Bundle ID spoofing’.
In the context of mobile app laundering, mobile application/Bundle ID spoofing occurs when the app on which the ad content is delivered (or ad impression event is generated/counted) is misrepresented via a fake or illegitimate app identifier (Bundle ID). For a technical overview of the processes involved in Bundle ID spoofing, refer to our step-by-step technical breakdown presented in our earlier blog post in which Pixalate uncovered an instance of sophisticated mobile app laundering activity.
See the apparent mobile app laundering via Bundle ID spoofing in action
Here is a video captured by the Pixalate analyst team detailing the apparent mobile app laundering in action:
Mobile app laundering is especially malicious in nature as techniques are predominantly developed to manipulate programmatic bidding environments. These techniques, as employed in programmatic, enable fraudsters to drive significant volumes of fraudulent traffic in short periods of time.
Sophisticated mobile app laundering techniques can be staggering in their overall impact on the digital advertising supply chain. Take for example the June 2018 instance in which Pixalate uncovered an apparent instance of sophisticated Mobile App Laundering.
In this situation, a well-trafficked and highly user-reviewed mobile application utilized a series of Bundle ID spoofing techniques in order to launder both display and video impressions. Based on Pixalate’s conservative estimates, the potential lost ad spend related to this single instance of mobile application laundering fraud could be in excess of $75 million per year. To see exactly how Pixalate arrived at this estimate, please refer to this shared Google Sheets document.
The Media Rating Council, Inc. (“MRC”) has published extensive guidance related to the identification and treatment of invalid traffic (“IVT”). Within the context of the MRC IVT Guidelines Addendum, mobile app laundering is an invalid traffic type which typically constitutes sophisticated invalid traffic (“SIVT”) as it is likely to only be identified through the employment of complex, data-driven SIVT detection and filtration techniques.
As transactions associated to mobile app laundering schemes oftentimes appear valid/legitimate at face value, it is highly unlikely that such fraud is detected via general invalid traffic (“GIVT”) techniques, which are usually parameter or list-based in their approach. Refer to our earlier thought leadership blog post for additional detail regarding the distinctions between GIVT and SIVT.
In the context of the IAB’s Anti-Fraud Principles and Proposed Taxonomy, which presents a categorization of various IVT sources, Mobile App Laundering would most closely align with ‘falsely represented’ content as the foundation of the fraud is occurring through the delivery of ad content to illegitimate mobile applications unbeknownst to the advertiser/agency bidding on the inventory. This is similar in concept to falsely represented sites.
Depending on the nature of the mobile app laundering scheme and the level of penetration by the ad fraudsters, such schemes can include characteristics of any of the following IAB-defined IVT classifications (amongst others). The following definitions come from the IAB's Anti-Fraud Principles and Proposed Taxonomy:
Within the context of the MRC’s Interim Guidance specific to SIVT in Mobile In-App, the MRC guidance outlines various mobile in-app characteristics/evaluation criteria which should be considered from an internal control framework perspective. Additionally, there are many specific considerations outlined with respect to the development, refinement and deployment of SIVT detection solutions in mobile in-app environments. The specific additional considerations outlined by the MRC guidance related to SIVT within mobile in-app environments is dissected in further detail here.
Disclaimer: The content of this page reflects Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry. Any proprietary data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that - opinion, not facts or guarantees.
Per the MRC, “'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other legal proceedings, but rather a custom definition strictly for advertising measurement purposes. Also per the MRC, “‘Invalid Traffic’ is defined generally as traffic that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts. Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.”