Global Connected TV (CTV) programmatic ad spend continues to soar, rising 32% year-over-year according to Pixalate’s latest estimates, but this rapid growth also makes CTV a ripe target for fraudsters.
For example, our monthly CTV App Spoofing reports shows how various apps regularly become the targets of App Spoofing. One of the invalid traffic (IVT, or ad fraud) trends that Pixalate has been tracking is mobile traffic presenting itself as Roku (CTV) traffic.
Pixalate conducted a study from June-August 2022 and found that 30% of spoofed Roku traffic appears to actually originate from mobile devices. Of note, Pixalate data indicates that these ad fraud spoofing attempts seem to originate from iOS devices far more often than Android devices:
3% of all traffic purporting to be from Roku devices is spoofed, according to Pixalate’s data
Of that apparently-spoofed Roku traffic, 30% originates from mobile devices
Over 90% of apparent mobile-to-Roku spoofed traffic comes from iOS devices
iOS to Roku spoofing almost doubled month over month from July to August from 22% to 40%
Mobile-to-CTV Spoofing, Month over Month:
Top 5 Roku Apps most spoofed by mobile devices
What does mobile-to-CTV app spoofing look like?
In January 2020, we uncovered a major exploit (named “DiCaprio”) where real mobile devices were apparently weaponized by fraudsters to generate fraudulent traffic appearing to be coming from CTV devices. Essentially, the fraudsters modified the bid stream to make the bid requests appear to be coming from CTV devices.
This type of attack has continued to grow and is difficult for buyers to detect and block for a number of reasons, including a lack of awareness of technical solutions, failing to vet sellers, or simply because there are multiple hops involved in the Supply Chain (leaving them unable to reach the device directly). Our clients are able to use our tools to measure and take necessary actions.
For example, here is a sample User Agent a client saw on the bid stream vs. what Pixalate detected for the same impression:
What the client saw: Roku/DVP-9.40 (939.40E04206A)
What Pixalate saw: Mozilla/5.0 (iPhone; CPU iPhone OS 15_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148
CTV ad inventory - especially on Roku - remains some of the most valuable inventory in demand. Using iOS devices to spoof this highly-valuable traffic is a tactic fraudsters continue to use increasingly - with these attempts doubling month-over-month from July to August 2022.
We encourage the ad industry to watch out for this form of spoofing. Wondering what concrete steps you and your organizations can take? Consider participating in initiatives led by trusted players in the CTV space. In particular, keep an eye out for Roku and IAB Tech Lab initiatives, which we believe will help stem the growth of these pervasive forms of spoofing.
Disclaimer: The content of this page reflects Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry. Any proprietary data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that - opinion, not facts or guarantees.
Per the MRC,
“'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other
legal proceedings, but rather a custom definition strictly for advertising measurement purposes. Also per the MRC,
“‘Invalid Traffic’ is defined generally as traffic
that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts.
Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.”