Aligns With MRC Guidelines to Treat App-Level Risk and Impression-Level IVT as Separate Controls; Available Through AWS RTB Fabric, APIs, FTP, and S3
LONDON, March 11, 2026 — Pixalate today introduced the High Risk Apps (HRA) mobile app pre-bid blocklist for the advertising industry that identifies known dangerous and fraudulent apps by combining persistent invalid traffic (IVT) signals, app store compliance indicators, app-ads.txt authorization checks, and privacy risk signals into a unified feed with 9 clear risk reason codes.
The blocklist is a daily-updated list of mobile apps — across iOS and Android — that buyers and sellers use to exclude apps from programmatic ad campaigns before a bid is placed.
Historical ad fraud detection started from scratch on every impression, with each bid evaluated in isolation and disconnected from historical signals. The blocklist aligns with Media Rating Council (MRC) guidance to use lists of "known dangerous or fraudulent sources" in addition to impression-level IVT classifications.
Pixalate surfaces granular risk signals across the programmatic advertising supply chain.
The mobile HRA pre-bid blocklist evaluates each app against 9 risk dimensions. An app can be flagged for multiple risk types simultaneously. Every app on the blocklist is included based on defined thresholds.
|
Risk Type |
Code |
Description |
|
High GIVT |
highGivt |
Apps with General Invalid Traffic rates exceeding 5% over a 3-month rolling window |
|
High SIVT |
highSivt |
Apps with Sophisticated Invalid Traffic rates exceeding 15% over a 3-month rolling window |
|
Missing Privacy Policy |
missingPrivacyPolicy |
Apps missing mandatory privacy policies required by global privacy laws as well as under Google Play and Apple App Store guidelines |
|
Abandoned App |
abandonedApp |
Apps not updated by developers for 3+ years; may be unmaintained, insecure, or non-compliant with current app store requirements |
|
Missing app-ads.txt |
noAdsTxt |
Apps generating ad impressions without a valid app-ads.txt file, indicating unauthorized inventory |
|
Developer Anonymity |
developerAnonymity |
Apps where the developer has missing or unverifiable contact information |
|
VPC Bypass Risk |
vpcBypass |
Likely child-directed apps transmitting IP or location data without Verifiable Parental Consent, risking COPPA non-compliance exposure |
|
Delisted App |
delistedApp |
Apps removed from app stores that continue to generate ad traffic |
|
Made for Advertising |
mfaApp |
Apps designed primarily to generate ad impressions rather than deliver genuine user value, including apps exhibiting ad stacking and other manipulative ad placement tactics |
Each app is tagged with one or more risk reason codes. When an app is flagged for multiple risk types, all applicable codes are visible. This enables buyers to build selective blocking logic — for example, blocking apps flagged for High SIVT while permitting apps flagged solely for Abandonment.
The mobile HRA blocklist separates app-level structural risk from impression-level IVT classification. This aligns with the Media Rating Council’s Invalid Traffic Detection and Filtration Interim Update Memo, which distinguishes impression-level IVT measurement from property-level risk reporting.
Impressions from apps on the High Risk Mobile Apps list are not automatically classified as IVT. IVT is now reported only when impression-level invalid signals are detected.
This means IVT reporting reflects impression-level measurement, and app-level risk is reported independently, giving buyers independent control over app-level blocking and impression-level filtering.
|
Column |
Type |
Description |
|
appId |
STRING |
The identifier for the mobile app (e.g., "310633997" or "com.whatsapp") |
|
bundleId |
STRING |
The bundle ID associated with the app, if available |
|
osName |
STRING |
Operating system (iOS or Android) |
|
riskType |
STRING |
Comma-separated list of all applicable risk type codes (e.g., highSivt,abandonedApp, missingPrivacyPolicy) |
|
appStoreUrl |
STRING |
URL to the app store listing |
|
appStoreName |
STRING |
Name of the app store (Google Play or Apple App Store) |
High Risk Mobile Apps blocklist is available as a daily CSV feed delivered through AWS RTB Fabric, APIs, FTP, or S3 bucket through Pixalate's Pre-Bid Blocking Data Feeds.
App-level risk indicators are also surfaced in Pixalate's Analytics dashboard, including a boolean indicator that shows if an app is flagged on HRA and a share of voice of traffic on apps flagged via HRA.
Pixalate is a global platform specializing in privacy compliance, ad fraud prevention, and digital ad supply chain data intelligence. Founded in 2012 and recognized by UNICEF as a “key innovator” for children’s online privacy, Pixalate is trusted by regulators, data researchers, advertisers, publishers, ad tech platforms, and financial analysts across the Connected TV (CTV), mobile app, and website ecosystems. Pixalate is accredited by the MRC for the detection and filtration of Sophisticated Invalid Traffic (SIVT). pixalate.com
The content of this press release reflects Pixalate’s opinions with respect to factors that Pixalate believes may be useful to the digital media industry. Any data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that, opinions, which means that they are neither facts nor guarantees. Pixalate is sharing this information and any associated data not to impugn the standing or reputation of any entity, person or app, but, instead, to report findings and trends pertaining to programmatic advertising activity in the time period studied.
Per the MRC, “‘Fraud’ is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other legal proceedings, but rather a custom definition strictly for advertising measurement purposes. Also per the MRC, “‘Invalid Traffic’ is defined generally as traffic that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts. Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.”
*By entering your email address and clicking Subscribe, you are agreeing to our Terms of Use and Privacy Policy.
These Stories on Company News
*By entering your email address and clicking Subscribe, you are agreeing to our Terms of Use and Privacy Policy.
Contact
Offices
Disclaimer: The content of this page reflects Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry. Any proprietary data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that - opinion, not facts or guarantees.
Per the MRC, “'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other legal proceedings, but rather a custom definition strictly for advertising measurement purposes. Also per the MRC, “‘Invalid Traffic’ is defined generally as traffic that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts. Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.”
.png)
