This week's review of ad fraud and privacy in the digital advertising space:
Unmasking ‘iP64’ - An Ad Fraud Exploit Targeting Apple’s iCloud Private Relay Infrastructure and Costing Advertisers an estimated $65+ Million
Pixalate released its "Unmasking iP64" investigation, looking at invalid traffic (“IVT,” or ad fraud) in connection with iCloud Private Relay IP Addresses. Pixalate's findings show how ad fraudsters appear to be exploiting the unquestioned trust of Apple’s iCloud Private Relay IP Addresses - aided by the opacity of the ad tech supply chain. Pixalate named the scheme iP64 because of the way in which apparent fraudsters seem to be inserting iCloud Private Relay IPv6 and IPv4 addresses into ad requests to masquerade the true source of the traffic.
Pixalate Releases 2022 Social Media Invalid Traffic (IVT) Report, Finds 6.7% IVT on Twitter’s App in October 2022
Pixalate published the Q3 2022 Invalid Traffic (IVT) Report: Social Media Apps which included a comprehensive examination of the instances of all forms of invalid traffic on popular social media apps on the web and mobile devices.. The report covered a wide variety of data points with the blog breaking it down further and highlighting some interesting topics.
For more information on IVT trends, download a free copy of the report here:
Hulu reclaims top spot in Pixalate’s CTV Publisher Trust Index for both Roku & Fire TV North America, Red Bull TV makes First Appearance Ranking in Top 3 on Roku
Pixalate’s monthly Publisher Trust Index (PTI) report provides a perspective regarding the quality of CTV apps that support programmatic advertising with rankings broken down by region, country, category, and app store. The assessment is based on various factors including invalid traffic (IVT), popularity, ad density, and engagement scores.
Mobile App Manual Review under COPPA Rule: 'Talking James Squirrel-Virtu' and 'Toca Life World'
Pixalate continued its Mobile App Manual Reviews According to COPPA series, containing the detailed factors the Trust & Safety Advisory Board educators used to assess an app’s child-directedness. This post takes a look at two popular mobile apps from the Apple App and Google Play Store. Our reviewer discusses how the subjective factors set forth in the COPPA Rule apply to each app and factor into the reviewer's determination as to whether the app is child-directed or general audience (i.e., it is not targeting children).
Top 5 countries with the highest invalid traffic (IVT) rates for mobile in-app programmatic advertising (Q2 2022)
Pixalate published the Q2 2022 Invalid Traffic (IVT) Benchmarks report earlier this month, describing IVT distribution in programmatic advertising impressions. It covered a wide variety of data points, and Pixalate is breaking it down further in this series by highlighting interesting findings.
Gizmodo: Pixalate Finds iCloud Privacy Relay Could Be Facilitating $65M Scam
Gizmodo published a comprehensive article about the findings of Pixalate's iP64 Investigation, showing that Apple's Private Relay is being exploited for a massive ad fraud scam despite promises of "built-in fraud protection".
"Pixalate, the ad tech firm that authored the study, released Tuesday, says the problem will cost US advertisers an estimated $65 million in 2022 alone. The study finds that 90% of web traffic that looks like it’s coming from Private Relay is actually fraudulent."
Apple Insider: Apple iCloud Private Relay Being Used Fraudulently
Apple Insider published an article detailing Pixalate's investigation Unmasking ‘iP64’ Ad Fraud Investigation.
Apple Insider said:
"The Ad Fraud and Compliance research team of Pixalate claims there is a potential exploit in the system that relates to IP addresses used by iCloud Private Relay. Dubbed "iP64," it is believed that ad fraudsters are taking advantage of the trust in iCloud Private Relay by the ad industry, as well as other factors, to get away with ad fraud."
Apple Insider: Cybercriminals Abusing iCloud Private Relay
"In its report, Pixalate says that cybercriminals are committing ad fraud by inserting iPv6 and IPv4 IP addresses from Private Relay into digital advertising bid requests. While Private Relay is designed to be used exclusively with Apple’s Safari browser, the firm found IP addresses from the service attached to Mozilla Firefox as well as to non-Apple devices that can’t even run Safari."
Disclaimer: The content of this page reflects Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry. Any proprietary data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that - opinion, not facts or guarantees.
Per the MRC,
“'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other
legal proceedings, but rather a custom definition strictly for advertising measurement purposes. Also per the MRC,
“‘Invalid Traffic’ is defined generally as traffic
that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts.
Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.”