Home Mobile Is There More Ad Fraud On iOS Or Android? The Thieves Don’t Care

Is There More Ad Fraud On iOS Or Android? The Thieves Don’t Care

SHARE:

Fraud follows the money, but it also picks the low-hanging fruit.

Although Methbot was a fairly sophisticated operation, fraudsters are generally lazy, said Augustine Fou, a cybersecurity expert and independent ad fraud researcher.

“The general principle is that bots are not going to work harder than they need to,” Fou said. “If they can get by easy defenses and make money, they’ll do that, and if it’s lucrative to pretend to be iOS to earn a CPM, they’ll try it.”

With little fear of accountability or reprisal, they’ll throw click spam and fake install attempts against the wall until something gets through. If it works, they get paid. If it doesn’t, they try something else.

A recent report by mobile ad network ClicksMob claims that iOS is 50% more likely to get hit with fraudulent traffic than Android, a finding that contravenes conventional wisdom. ClicksMob CEO Avishai Shoushan attributes the conclusion to the higher payouts available on iOS. Advertisers are willing to pay more to acquire and retain iOS users, and higher ad budgets are like honey to the fraudster’s bee.

But, by and large, iOS is just as vulnerable as Android to the classic forms of mobile ad fraud (fake or low-quality traffic, non-visible ads, bot farms, fake clicks). Android’s open-source operating system, however, has far more features for fraudsters to exploit than iOS’s closed ecosystem, said John Koetsier, a mobile economist at app analytics and attribution company Tune.

Tune identified 22.4 million suspect mobile conversions in January for just one of its brand customers – 69% of which occurred on Android. Twenty-six percent happened on iOS.

Android is also uniquely vulnerable to click injection fraud, in which an ad network takes credit for organic app installs.

“At a system level, Android broadcasts new app install alerts to other installed apps, which is a good thing for app integration and interoperability,” Koetsier explained. “But a fraudster’s app that sees this can immediately claim credit for the install.”

Click injection is “like a surgically precise way of doing click spam,” said Andreas Naumann, a fraud specialist at app analytics and measurement company Adjust.

Naumann noted that click injection on Android is on the rise – and it’s a type of fraud not possible to perpetrate on iOS. Whereas on Android any developer can listen to what’s happening on a user’s device, iOS developers who want their app to communicate with other downloaded apps need to provide a list of those apps to Apple in advance when originally submitting their item to the App Store.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

There is, however, one way for fraudsters to game iOS that doesn’t exist on Android, and that’s Limit Ad Tracking fraud.

When a user opts out of ad tracking on Android, marketing platforms can still see the Google ad ID and a flag in the back end that the device should not be targeted with ads.

But when a user opts out of ad tracking in iOS 10, Apple sends back a hashed identifier, basically a string of zeroes, rather than a unique advertising identifier. Without an IDFA, ad networks and attribution platforms aren’t able to track or target users.

That makes it more difficult to recognize patterns and look for anomalies, said Matan Tessler, director of product at AppsFlyer.

“If a single device generates multiple installs attributed to the same ad, that looks like fraud, and it’s difficult to see on iOS because you don’t have a device ID,” Tessler said.

But Limit Ad Tracking fraud is somewhat, well, limited, Naumann said. It’s mostly an offshoot of incentivized offers. For example, if Game A gives its players the chance to earn premium currency by downloading Game B and those players have LAT activated, they can keep installing and uninstalling Game B over and over to earn more credit in Game A without being caught.

“It’s less a fraud scheme and more like piracy,” said Naumann, who noted that ad networks can get around that issue by using their own internal identifiers, and Apple is generally OK with it as long as those identifiers aren’t shared.

Ultimately, red flags abound for fraud on both iOS and Android – and focusing on the operating system is a red herring.

“The bigger problem is that the industry needs more common sense,” Naumann said. “We need to ask questions rather than focus on the OS.”

Questions related to ROI and the bottom line, said Tune’s Koetsier.

“The best defense for advertisers when it comes to mobile ad fraud is trying ad spend to revenue,” he said. “Rear-view metrics like taps, views, app installs and even form fill-outs can be gamed. It’s much, much harder to game actual money in the bank.”

Must Read

Buyers Can Now Target High-Attention Inventory In The Trade Desk

By applying Adelaide’s Attention Unit scoring, buyers can target low-, medium- and high-attention inventory via TTD’s self-serve platform.

How Should Advertisers Navigate A TikTok Ban Or Google Breakup? Just Ask Brian Wieser

The online advertising industry is staring down the barrel of not one but two potential shutdowns that could radically change where brands put their ad dollars in 2025, according to Madison and Wall’s Brian Weiser and Olivia Morley.

Intent IQ Has Patents For Ad Tech’s Most Basic Functions – And It’s Not Afraid To Use Them

An unusual dilemma has programmatic vendors and ad tech platforms worried about a flurry of potential patent infringement suits.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

TikTok Video For Open Web Publishers? Outbrain Built It.

Outbrain is trying to shed its chumbox rep by bringing social media-style vertical video to mobile publishers on the open web.

Billups Launches Attention Measurement For Out-Of-Home

Billups, a managed services agency that specializes in OOH, is making its attention measurement solution and a related analytics dashboard available for general use.

US District Court for the Eastern District of Virginia, Alexandria

The Google Ad Tech Antitrust Case Is Over – And Here’s What’s Happening Next

Just three weeks after it began, the Google ad tech antitrust trial in Virginia is over. The court will now take a nearly two-month break before reconvening for closing arguments right before Thanksgiving.