« Back to Blog

13 Ways Ad Networks Combat Ad Fraud using 42matters App Data

13 Ways Ad Networks Combat Ad Fraud using 42matters App Data

Mobile advertising is huge. Indeed, global mobile ad spending is set to hit the $230 billion mark this year, with a staggering estimated growth rate of more than 20%.

 

With all that money changing hands, the digital advertising world has drawn a lot of attention from unscrupulous actors. In fact, ad fraud in the digital space cost businesses somewhere in the realm of $19 billion in 2018.

 

Fraudsters managed to cut off this sizeable piece of the pie by attacking various weak points throughout the supply chain. They targeted everyone: publishers, advertisers, ad networks, and more.

 

Of course, advertisers want to make sure that they’re paying for truly valuable ad placement. As such, if ad networks are incapable of determining which app publishers are fraudulent – that is, if they are incapable of distinguishing good ad placement from bad ad placement – they risk undermining their credibility in the market.

 

In this article, we will go over thirteen ways ad networks can use the mobile data provided by 42matters to combat ad fraud and secure valuable ad spots for their clients.

1. Detect Fake Location Data

There are many red flags to look out for when determining whether an application is trustworthy. One such red flag is whether an app is faking its location information.

 

Our “Lookup API” enables ad networks to determine whether an app has potential access to “coarse” or “fine” location, or whether the app allows for location permissions at all. If something doesn’t seem to add up – for instance, if an app is sending ad requests with “fine” location information, but has no location permissions listed on the Google Play Store – networks will be able to detect it instantly.



2. Detect Suspicious App Permissions

Similarly, suspicious app permissions should also raise some doubts. Research by the app analytics and attribution company, Kochava, uncovered an apparent big ad fraud scheme.

 

Kochava identified several mobile apps that engaged in a practice referred to as “click injection.”

 

“Click Injection” requires the app to request special permissions to see when the user downloaded new apps, and to launch other apps in the background. This enables the publishers to gather data on the active install bounties for newly downloaded apps. With this information, the crooked publishers can claim unearned payment bounties by sending ad networks forged click data that contains hijacked app attribution information.

 

Needless to say, this can cause some headaches for ad networks and advertisers. To combat this 42matters “Lookup API”makes it possible for ad networks to pull up an app’s permissions and thus find apps that might have these special permissions more quickly.

 

If an application requires anything suspicious from its users, it’s worth doing a more thorough investigation of the app and its publisher.

 

3. Conduct an SDK Analysis

Malicious SDKs are another red flag. Indeed, one of the more common methods of drumming up fraudulent ad revenue is to integrate an SDK that generates fake clicks. This is a practice of increasing sophistication where one scheme can comprise hundreds of apps, and where any one app could generate tens of millions of dollars in stolen revenue per year. 

 

Needless to say, advertisers want real clicks. They want real eyes on their ads and real customers browsing their products and offerings.

 

To assure that this happens, the 42matters “Integrated SDKs API” can be leveraged by ad networks to see which SDKs an app has implemented. The ad network can check if its SDK has been integrated at all and can also check if it contains other suspicious SDKs. The ad network can then further investigate and blacklist the app to protect their clients from being exploited.

 

4. Track Advertised App Versions

Attribution insights are another way to determine whether an application is committing ad fraud. 

 

As an example, let’s say an ad network runs an app install campaign to boost installs for the mobile game “Angry Birds”. Each time a user clicks on one of their in-app ads to download the “Angry Birds” application, the network will attribute that download to the app publisher and compensate them accordingly.

 

Now, suppose that a disproportionate number of that app’s users are downloading old versions of the “Angry Birds” app. This is a serious red flag, since, presumably, the App Store or Google Play Store should be prompting customers to download the very latest version of their apps.

 

Ad networks can figure out what are the latest valid app versions via the 42matters “Versions API” and “Versions History API.” Combined, these two APIs allow networks to better validate attributions.

 

5. Detect Apps With Unusual Publishing History

Ad networks can also identify bad apps by looking at their publishing history. For instance, if an app is no longer published on the app stores, or if it was never released, ad networks might want to conduct a review to figure out whether it’s a viable candidate to host their client’s ads. Also to check whether apps of a publisher are regularly updating and being worked on is important. 42matters offers therefore a host of APIs, including the “Lookup API” that helps ad networks identify apps with sketchy publishing history.

 

6. Verify Whether an App is App-ads.txt Compliant

The “App Ads.txt API” (Android, iOS) makes it possible for ad networks to verify that publishers are who they claim to be and thus combats app spoofing. It also makes it possible for them to determine whether publishers have white listed their ad network.

 

42matters’ API is able to achieve this by crawling app publisher data to figure out whether they are App Ads.txt compliant. And because the API continuously crawls for this data, it’s always up to date. As such, ad networks that leverage the API have instant access to this data by checking the API’s endpoint. There’s no need for them to recrawl and manually maintain the data on their own. With more than 4 million entries in the app-ads database, 42matters is used by demand side to determine the publisher app-ads.txt compliance status. 

 

7. Detect Copy-Cat Apps

Another common tactic used by fraudsters is to create copy-cat apps. These are applications designed to trick ad networks into believing that they are legitimate premium apps. Taking the bait, ad networks provide them with ads, and advertisers pay premium CPMs for the wrong app. 

 

By using the 42matters “Keyword Search API”, ad networks can search on keywords to find apps with similar names to find these sort of clones.

 

Additionally 42matters also provides hashes of app signing certificates. These hashes can be used to check the ownership of apps by the same developer. E.g. this can be helpful in case a copy-cat app is released on another store where the original app was not yet available. Comparing the hashes of both apps across stores can quickly indicate if both apps are from the same developer or if there might be an issue.

 

8. Verify an App’s Privacy Policy and Compliance Terms

As anybody who works in the digital advertising space understands, app publishers are required to disclose any 3rd parties to whom they are sending their users’ data.

 

So, if an ad network is not listed in an app’s privacy policy, it’s quite possible that the app is hiding something.

 

The 42matters “Lookup API” enables ad networks to instantly get the  app’s privacy policy link, and determine whether the app is complying with their terms of service.

 

9. Verify an App’s Publisher

One simple way to validate the legitimacy of an app is to determine whether it’s part of the portfolio of a known and trusted developer.

 

42matters provides ad networks with the tools to detect whether an app uses the same signed key as other apps within a developer’s portfolio. This works across apps and across app stores. 

 

If an app appears and proclaims to be part of a certain publisher’s portfolio, but does not use a common signed key, it’s possible the app is a fraudulent clone. Checking the signed key can also help to find out if several publishers share the same key and thus might be one entity and not multiple. 

 

10. Analyze an App’s Reviews

The 42matters “App Reviews API” offers ad networks a glimpse into an app’s user reviews. Furthermore, the “Review Analysis API” can be used to determine how an app’s user base reacts to embedded ads.

 

These two APIs can be deployed in a complementary manner to help ad networks look for any irregularities in user feedback, or in how users react to embedded ads.

 

11. Compare Ad Impressions with an App’s Ranking and Downloads

Another sign that something suspicious might be happening is if an app displays a peculiarly high amount of ad impressions, but does not appear on app store rankings at all. This is because any app that can boast a large, legitimate quantity of engaged users will undoubtedly  have some good app store rankings..

 

If this is not the case, then it is quite likely that the usage is not organic and is simply part of a broader scheme meant to extract ad revenue from ad networks and advertisers.

 

As a prescription, ad networks can use 42matters’ “Google Play App Rank History API” and “Google Play Top Charts API” (also available for iOS) to compare the number of ad impressions with the app’s rank and ranking history. Additionally, 42matters offers also download estimates, that provide insights about how many downloads an app gets. That data can also be used to compare if number of daily ad impressions look realistic.

 

12. Verify Country Availability

Another red flag we’ll mention is this: If an app appears to be getting a lot of user traffic in countries in which it is allegedly not available.

 

By using the 42matters “Country Availability API” ad networks can verify whether an app is available in all the countries where it is generating significant usage. 

 

13. Acquire the Complete 42matters Dataset and Build Your Own Custom Solution

42matters’ app data can be also obtained as a raw full dataset. This will give ad networks complete control over how to integrate the full data quickly into their current systems. 


Schedule an appointment now to see how our products can help grow your business or read some of our other articles here.