Home Mobile Is There More Ad Fraud On iOS Or Android? The Thieves Don’t Care

Is There More Ad Fraud On iOS Or Android? The Thieves Don’t Care


Fraud follows the money, but it also picks the low-hanging fruit.

Although Methbot was a fairly sophisticated operation, fraudsters are generally lazy, said Augustine Fou, a cybersecurity expert and independent ad fraud researcher.

“The general principle is that bots are not going to work harder than they need to,” Fou said. “If they can get by easy defenses and make money, they’ll do that, and if it’s lucrative to pretend to be iOS to earn a CPM, they’ll try it.”

With little fear of accountability or reprisal, they’ll throw click spam and fake install attempts against the wall until something gets through. If it works, they get paid. If it doesn’t, they try something else.

A recent report by mobile ad network ClicksMob claims that iOS is 50% more likely to get hit with fraudulent traffic than Android, a finding that contravenes conventional wisdom. ClicksMob CEO Avishai Shoushan attributes the conclusion to the higher payouts available on iOS. Advertisers are willing to pay more to acquire and retain iOS users, and higher ad budgets are like honey to the fraudster’s bee.

But, by and large, iOS is just as vulnerable as Android to the classic forms of mobile ad fraud (fake or low-quality traffic, non-visible ads, bot farms, fake clicks). Android’s open-source operating system, however, has far more features for fraudsters to exploit than iOS’s closed ecosystem, said John Koetsier, a mobile economist at app analytics and attribution company Tune.

Tune identified 22.4 million suspect mobile conversions in January for just one of its brand customers – 69% of which occurred on Android. Twenty-six percent happened on iOS.

Android is also uniquely vulnerable to click injection fraud, in which an ad network takes credit for organic app installs.

“At a system level, Android broadcasts new app install alerts to other installed apps, which is a good thing for app integration and interoperability,” Koetsier explained. “But a fraudster’s app that sees this can immediately claim credit for the install.”

Click injection is “like a surgically precise way of doing click spam,” said Andreas Naumann, a fraud specialist at app analytics and measurement company Adjust.

Naumann noted that click injection on Android is on the rise – and it’s a type of fraud not possible to perpetrate on iOS. Whereas on Android any developer can listen to what’s happening on a user’s device, iOS developers who want their app to communicate with other downloaded apps need to provide a list of those apps to Apple in advance when originally submitting their item to the App Store.


AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

There is, however, one way for fraudsters to game iOS that doesn’t exist on Android, and that’s Limit Ad Tracking fraud.

When a user opts out of ad tracking on Android, marketing platforms can still see the Google ad ID and a flag in the back end that the device should not be targeted with ads.

But when a user opts out of ad tracking in iOS 10, Apple sends back a hashed identifier, basically a string of zeroes, rather than a unique advertising identifier. Without an IDFA, ad networks and attribution platforms aren’t able to track or target users.

That makes it more difficult to recognize patterns and look for anomalies, said Matan Tessler, director of product at AppsFlyer.

“If a single device generates multiple installs attributed to the same ad, that looks like fraud, and it’s difficult to see on iOS because you don’t have a device ID,” Tessler said.

But Limit Ad Tracking fraud is somewhat, well, limited, Naumann said. It’s mostly an offshoot of incentivized offers. For example, if Game A gives its players the chance to earn premium currency by downloading Game B and those players have LAT activated, they can keep installing and uninstalling Game B over and over to earn more credit in Game A without being caught.

“It’s less a fraud scheme and more like piracy,” said Naumann, who noted that ad networks can get around that issue by using their own internal identifiers, and Apple is generally OK with it as long as those identifiers aren’t shared.

Ultimately, red flags abound for fraud on both iOS and Android – and focusing on the operating system is a red herring.

“The bigger problem is that the industry needs more common sense,” Naumann said. “We need to ask questions rather than focus on the OS.”

Questions related to ROI and the bottom line, said Tune’s Koetsier.

“The best defense for advertisers when it comes to mobile ad fraud is trying ad spend to revenue,” he said. “Rear-view metrics like taps, views, app installs and even form fill-outs can be gamed. It’s much, much harder to game actual money in the bank.”

Must Read

Comic: TFW Disney+ Goes AVOD

Disney Expands Its Audience Graph And Clean Room Tech Beyond The US

Disney expands its audience graph and clean room tech to Latin America, marking the first time it will be available outside the US. The announcement precedes this week’s launch of Disney+ with ads in Latin America.

Advertible Makes Its Case To SSPs For Running Native Channel Extensions

Companies like TripleLift that created the programmatic native category are now in their awkward tween years. Cue Advertible, a “native-as-a-service” programmatic vendor, as put by co-founder and CEO Tom Anderson.

Mozilla acquires Anonym

Mozilla Acquires Anonym, A Privacy Tech Startup Founded By Two Top Former Meta Execs

Two years after leaving Meta to launch their own privacy-focused ad measurement startup in 2022, Graham Mudd and Brad Smallwood have sold their company to Mozilla.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Nope, We Haven’t Hit Peak Retail Media Yet

The move from in-store to digital shopper marketing continues, as United Airlines, Costco, PayPal, Chase and Expedia make new retail media plays. Plus: what the DSP Madhive saw in advertising sales software company Frequence.

Comic: Ad-ception

The New York Times And Instacart Integrate For Shoppable Recipes

The New York Times and Instacart are partnering for shoppable recipe videos.

Experian Enters The Third-Party Data Onboarding Business

Experian entered the third-party data onboarder market on Tuesday with a new product based on its Tapad acquisition.