Rage against the bots: how should marketers keep increasing mobile ad fraud at bay in Asia Pacific?

Mobile in-app install fraud saw a surge in 2015 alongside the rise of machine learning and AI as a whole.

Mobile ad fraud, which has been a concern since the early 2010s, continues to be a challenge for brands and agencies in Asia Pacific with a new study on in-app installs finding that from November 2018 to April 2019, the region experienced an average fraud rate that was 60% higher than the average worldwide.

Why has nothing changed?

With existing desktop detection tools not necessarily applicable to mobile, and newer fraud tactics getting an edge over older tracking methods, Ronen Mense, the president and managing director for APAC at AppsFlyer, says marketers are not paying enough attention to new anti-fraud technology and are neglecting the threat of fraud overall because the number of app installs remains high.

“Countries like India and Indonesia are experiencing massive growth in their digital economies, but this results in marketers being distracted with scaling quickly because it presents tempting business possibilities,” he explains to The Drum.

“On the media side, we can see that, because the demand for growth is so robust, some networks do not want to lose business over their inability to drive growth, which leads to lessened control and increased risk of fraud.

“Marketers in the region still rely on local ad networks to drive demand. These networks, however, often suffer from high rates of fraud. According to our data, nearly 60% have a fraud rate that exceeds 20%,” he says.

Resources can also often be stretched, Mense adds, as many app developers in the region have fewer resources to commit to media buying and user acquisition.

As a result, he says many are forced to buy from media sources with a lower price point, where fraud is more prevalent, thereby exposing themselves to heightened risk.

He also observes that businesses in the region are typically sensitive to price, forcing networks and media sources to offer high volumes of ad space at cheap rates. Such inventory is more likely to be used than higher-priced alternatives, despite the associated risks of fraud.

“App developers need to consistently be vigilant against the types of fraud which threaten their business, not only the financial implications but the cost of making erroneous decisions concerning the investment of their resources,” explains Mense.

“Given fraud comes in many forms and is constantly evolving, securing the mobile economy demands ongoing education, monitoring, and protection. It has never been more important to have robust anti-fraud measures in place amid persistent threats from malicious actors. To stay ahead, marketers and app developers need to become even more data-savvy.”

Mobile in-app install fraud saw a surge in 2015 alongside the rise of machine learning and AI as a whole, says Joshua Kwah, the marketing director at Taiger, an artificial intelligence company.

He laments that this rise was a double-edged sword, as bots can use machine learning to mimic human behavior in in-app downloads and installs. This means that where there are rules, bots can learn and break them.

“For example, if click influx is a criterion for fraud detection, bots can be trained to recognize them and use time lag in download clicks to avoid being identified and classified as fraudulent,” explains Kwah.

While the rise of machine learning and other AI disciplines is one of the causes, Kwah also points to the exposed and open nature of SDKs, which makes developers vulnerable to hacking.

“I suspect greed plays a part as well. APAC leads the world in e-commerce and gaming demand. That would push companies to commit fraud for short-term commercial gains,” he adds.

Which industry is the most vulnerable?

The study, produced by AppsFlyer, found that the finance industry was the hardest hit by mobile in-app fraud, followed by shopping and travel. More than half of all non-organic installs of finance apps were fraudulent in APAC, with shopping and travel rates averaged at around 35%.

One way for finance and shopping brands to avoid a hit is for mobile marketers to first identify fraudulent activity and realize that validating a new fraud signature requires a massive amount of data and good expertise to manage and stay protected without a third-party provider, according to Mense.

He adds that in order to run effective marketing campaigns with genuine results, these apps need to invest in solutions that can leverage their large database.

“As fraud comes in waves, this proactive investment improves their performance data integrity today and provides the coverage needed when the next big wave hits,” explains Mense.

“Second, fraud is constantly evolving, which means apps in APAC need solutions that learn over time based on advanced methods, such as machine learning, that analyze and spot behavioral anomalies, at different levels, app and device.

“Lastly, and perhaps most importantly, mobile marketers need to choose the right sources for their campaigns and demand transparency from them.”

Laura Quigley, the managing director for South East Asia at Integral Ad Science, adds that fraud does not discriminate because it is a lucrative business, which means that aside from finance and shopping, it will also try to gain dollars from the other major app categories: messaging services, social media, utility apps and gaming.

“We will never operate in a world with no fraud. What is possible is for marketers and publishers to work together to reduce fraud,” she explains.

“Publishers and platforms, much like marketers, can invest in verification tools that will allow them to target away from fraud and ensure reducing fraud on advertisers buys, ultimately protecting the advertiser and allowing them to feel confident to continue to invest in digital.”

In early 2019, Twitter's MoPub signed a partnership with Pixalate and DoubleVerify to fight mobile ad fraud across its exchange. The partnership sees all parties take a four-step approach to ensure traffic quality.

They will leverage data to analyze, evaluate and vet mobile app publishers; create an automated, real-time, pre-bid protocol to block invalid bid requests; monitor suspicious post-bid activity; and leverage Twitter's global scale to back enforcement.

Types of fraud

Quigley notes that there are several types of in-app fraud, some similar to those on desktop: location fraud, malicious apps, app name spoofing, domain spoofing, hidden ads and app install fraud. Much like on desktop, she says these malicious types of activity take place without the consumer realizing it.

She points out that in-app fraud is not isolated to APAC and is a global issue facing the industry. For South East Asia, which is one of the fastest growing emerging smartphone markets compared to the rest of APAC, eMarketer predicts that mobile ad spend will account for nearly 70% of ad expenditure by 2021.

Quigley says this means more advertisers are investing, which will drive fraudsters to try to get a share; with very little input and risk, they can make a windfall.

“Fraud is going to happen wherever they can get a payout. If it is clicks, they will find a way to click more, if it is downloads and installs, they will also find a way to falsify or increase the number of installs,” she tells The Drum.

“Verification can help to reduce in-app fraud which is more important as this will ensure marketer dollars are maximized and not wasted, but app installs fraud solutions are still in the infancy stages.”

She adds: “Mobile will continue to take over other mediums and with that, fraud will continue to be an industry challenge as it is today. It's important to note that it is a fixable issue, there are ways for the marketers and publishers to reduce their risk.”

How should bots and install hijacking be handled?

As bots are a type of fraud that does not even require real devices and are most often server-based, every day fraudsters make smarter bots in an attempt to bypass protection.

They do this by simulating the entire funnel, including in-app events and even real purchases, so long as the payout is higher than the cost.

This means effective protection for advanced bots, apart from having secure SDKs, is also dependent on the significant scale needed to train sophisticated machine-learning algorithms that can track new patterns that are practically impossible to notice on a smaller scale, says Mense.

“Install hijacking involves faking a click in order to claim attribution. The most basic way is using malware to detect when an app has been downloaded, then faking the click before the first launch. This results in what we call short click to install times,” he explains.

“How do you solve this? Prevention systems employed by apps need to possess and analyze lots of data, while also learning via machine learning mechanisms.”
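
The signal Mense describes, a click that arrives after the download but only seconds before first launch, can be checked against attribution logs. The Python below is an added example, not AppsFlyer's method or code from the study; the record fields, the 10-second cut-off and the 50% per-source ratio are assumptions, and the records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real data); field layout is hypothetical:
# (media_source, click_ts, download_ts, first_launch_ts)
RECORDS = [
    ("net_a", "2019-04-01T10:00:00", "2019-04-01T10:00:40", "2019-04-01T10:03:10"),
    ("net_a", "2019-04-01T11:00:00", "2019-04-01T11:01:00", "2019-04-01T11:20:00"),
    ("net_a", "2019-04-01T12:00:00", "2019-04-01T12:00:30", "2019-04-01T12:00:35"),
    ("net_a", "2019-04-01T09:00:00", "2019-04-01T09:00:02", "2019-04-01T09:00:06"),
    ("net_b", "2019-04-01T10:05:07", "2019-04-01T10:05:00", "2019-04-01T10:05:12"),
    ("net_b", "2019-04-01T11:10:58", "2019-04-01T11:10:50", "2019-04-01T11:11:01"),
    ("net_b", "2019-04-01T12:00:00", "2019-04-01T12:00:20", "2019-04-01T12:02:00"),
    ("net_b", "2019-04-01T13:00:03", "2019-04-01T13:00:00", "2019-04-01T13:00:09"),
]

SHORT_CTIT_SECONDS = 10   # assumed cut-off for a "short" click-to-install time
SOURCE_FLAG_RATIO = 0.5   # assumed share of suspect installs that flags a source


def classify(click_ts, download_ts, launch_ts):
    """Label one install by its click / download / first-launch ordering."""
    click, download, launch = (
        datetime.fromisoformat(t) for t in (click_ts, download_ts, launch_ts)
    )
    ctit = (launch - click).total_seconds()
    if ctit < 0:
        return "invalid"               # click logged after first launch
    if click > download:
        return "click_after_download"  # click cannot have caused this download
    if ctit < SHORT_CTIT_SECONDS:
        return "short_ctit"            # plausible order, implausibly fast
    return "ok"


def suspicious_sources(records):
    """Return {source: suspect share} for sources at or above the ratio."""
    totals, flagged = defaultdict(int), defaultdict(int)
    for source, click, download, launch in records:
        totals[source] += 1
        if classify(click, download, launch) != "ok":
            flagged[source] += 1
    shares = {s: flagged[s] / totals[s] for s in totals}
    return {s: r for s, r in shares.items() if r >= SOURCE_FLAG_RATIO}


if __name__ == "__main__":
    print(suspicious_sources(RECORDS))
```

Aggregating per media source matters because a single fast install can be legitimate, while a source where most installs show this ordering is the pattern worth disputing.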

Kwah adds that automating the detection process through anti-app fraud detection partners is a viable next step. That means enlisting bots to fight bots and identifying smart bots.

He explains that bots can be trained to understand hard-to-replicate human behavior, like the pressure and duration of a tap or swipe, and use it as a basis for abnormality detection, because bots today typically use machine learning to learn, detect and repeat.

However, he points out that when new abnormalities arrive, human intervention is needed to adjust the algorithm.

“Deep learning-based bots which mimic a human's decision-making process, can self-learn without the need for intervention (think Jarvis from Iron Man) and without huge sample data sets,” he says.

“What this means for businesses is less supervision resource and the solution would be more scalable for other functions where fraud detection is still critical but sample abnormal data is scarce.”

It is imperative that marketers continue to invest in a solution that allows them to target away from fraud and help create a cleaner quality ecosystem so that mobile can continue to be a smart and safe place to invest.
