As mobile grows, so grows mobile fraud. Forensiq, an online ad fraud prevention service, released a study today forecasting that “mobile device hijacking” via apps will cost marketers more than $1 billion in bogus ad placements in 2015. And unlike desktop malware that is installed unintentionally, most mobile apps are installed purposefully by app developers.
Using an Android emulator and physical iOS devices to install what it had identified as high-risk apps, Forensiq discovered that the apps were serving ads at a preternaturally high rate—up to 20 a minute.Legitimate apps typically refresh an ad only every 30 to 120 seconds.
“What we found is that the way these apps were prepared and published caused them to perform mobile device hijacking. The developers who publish these apps are responsible,” says Forensiq Chief Scientist Mike Andrews.“When this kind of fraud happens, it’s really blatant. It involves a lot of impressions, a lot of data, and causes consumers a lot of battery usage.”
Forensiq found that more than 5,000 apps were fraudulent, about 13% of the app universe (see table below). Given an estimated $69 billion in mobile ad expenditures for 2015, and applying average CPM prices, the company predicts mobile bots will easily divert $1 billion in ad spend.
Some of those dollars go for ads on legitimate apps that don’t even run advertising. Using a technique called ad spoofing, a publisher or mobile advertising platform may modify the app headers passed to the exchange to represent the inventory as a different app. Wickr and BBM were two apps, according to Forensiq, that fell victim to the ploy.
Malicious apps often can be detected in the download process. They’re likely to request suspicious permissions, such as being able to prevent the device from sleeping, to modify and delete content on the SD card, and to access location services while running in the background.
Forensiq CEO David Sendroff predicts that in-app fraud will continue to grow at an alarming rate in the coming years. “I see this being a major target for the bad actors, because you don’t hear many companies talking about what they’re doing about mobile fraud,” he says.
