CTV App Spoofing

FAQs about CTV APP Spoofing

How does Pixalate measure app spoofing?

Pixalate detects app spoofing in traffic where the app identifier (e.g., bundleId) reported to the exchange does not match the characteristics of the app detected directly by Pixalate. Spoofing can be correlated with highly overlapping traffic, mismatched bundle ID, mismatched user agent, or other measured metrics. Pixalate is able to detect the true bundleID, user agent, and other properties of a generated impression using our patented, patent pending and trade secret IVT detection technologies, even when these characteristics may be declared as something else in the bidstream. When Pixalate detects mismatches in this data, the resulting impression is flagged as IVT.


App Spoofing details in MRT

Spoofing can be correlated with highly overlapping traffic, mismatched bundle ID, mismatched user agent, or other measured metrics. This information can be found and explored within the app’s Media Ratings Terminal (MRT) Insights page, with an example here.


The MRT enables users to quickly check the breakdown of an app’s detected bundle IDs across Pixalate’s global pool of CTV data. In this case, we see many instances of devices declaring in the bidstream to be associated with the bundleID for Bally Sports, but Pixalate detects the true bundleID as originating from multiple other (potentially non-CTV) apps. Pixalate’s MRT for CTV allows you to distinguish between spoofed traffic for a misrepresented app (“AppSpoofing” SIVT Type) and other IVT types for the app when it is not misrepresented.

How does Pixalate rank these apps?

The app spoofing reports at https://pixalate.com/reports are currently limited to FireOS/Roku CTV apps, with an app spoofing rate (as measured by Pixalate) that meets a materiality threshold. This technique allows us to focus on apps that appear to be significantly affected by app spoofing/misrepresentation in the global ecosystem. This filtered list is then sorted/ranked by the total number of flagged app spoofing impressions measured for each app.


How does Pixalate ensure this data is accurate?

To ensure the validity of this report’s data points, Pixalate uses a three-pronged data QA methodology:

  • First, apps experiencing high rates of app spoofing trigger a manual review to ensure that Pixalate’s automated fraud-detection algorithms are detecting clear examples of IVT, and not tag implementation errors.

  • Second, a review is completed for apps experiencing spoofing involving mismatched bundle IDs or anomalous User Agents to confirm the mismatch flag.

  • And third, this data is cross-checked across Pixalate’s global pool of data to cancel out first-party biases appearing from any one source.

For future versions of this report, biweekly changes in app spoofing rates are calculated and large variations are manually reviewed in accordance with the above points.


Where can I find more information about app spoofing?

App spoofing is a form of IVT in which one app masquerades as another app. In certain circumstances, such misrepresentation is intended to increase impression levels and appear more valuable. App spoofing can be generated in several ways:

  • Real devices used as a botnet

  • Real devices unaware of spoofing happening in the background

  • Impressions generated by fake devices

For a deeper dive, check out our blog on app laundering (<https://www.pixalate.com/blog/mobile-ad-fraud-what-is-mobile-app-laundering-sivt)>


How can I avoid app spoofing on CTV apps?

App spoofing can be mitigated by following some good best practices. Enforce strict (not just a presence check) app-ads.txt validation to ensure that you are working with authorized sellers for the apps you are buying inventory on. Use anti-fraud tools like Pixalate’s products to understand your exposure to app spoofing, and protect yourself accordingly