Home Mobile Heads Up, Fake Apps: Ads.txt Is Coming For You

Heads Up, Fake Apps: Ads.txt Is Coming For You

SHARE:

Ads.txt is headed to the app ecosystem. What form will it take? That’s still shaking out.

The IAB Tech Lab released guidance on Wednesday with several proposals for how to implement Ads.txt within an app environment. Ads.txt is the Tech Lab’s initiative to reduce inventory spoofing and help advertisers distinguish legit supply sources from the imposters.

The desktop and mobile web version of Ads.txt, which lists authorized sellers within a text file hosted on a publisher’s root domain, debuted last June. Since then, more than 2 million publishers have adopted the spec.

But what works for the web doesn’t necessarily work for apps. (Speaking of, who’s tired of hearing “You can’t call it ‘in-app header bidding’ because there’s no header in apps?”)

The most glaring difference between apps and web browsers from an Ads.txt perspective is that apps don’t have a handy web domain where publishers can easily list their seller files, said Dennis Buchheim, SVP and general manager of the IAB Tech Lab.

To get around that, the Tech Lab hopes to piggyback onto a metadata field used by app stores to identify an app within their ecosystem. When developers register an app in iTunes Connect, they create what’s known as a bundle ID, which resembles a reverse URL. The bundle ID for the Apple Pages app, for example, would be “com.apple.pages.” Google uses a similar system within the Play Store.

“The idea is that you can specify the reverse URL with any supply you’re making available through OpenRTB on any inventory, and the app name is embedded in there,” Buchheim said. “It’s like a trail of breadcrumbs that leads you through verifiable sources.”

The only problem with the reverse domain method is that it relies on the app stores playing along, and they aren’t hopping aboard as quickly as the Tech Lab would like.

The app store fields aren’t consistently supported or designed to support Ads.txt. In an ideal world, all three big app stores – Google, Apple and Amazon – would implement or designate a standardized field for in-app Ads.txt and clear up other little barriers.

For example, Apple caps how many times anyone can look up a bundle ID. If you hit that threshold, further requests are rejected. That won’t fly in the OpenRTB ecosystem.

Conversations are furthest along with Google, which is a Tech Lab member. There’s been less progress made with Apple and Amazon, although Buchheim hopes that releasing the specs will light a fire under their collective behinds.

“If there’s a groundswell, the app stores will need to support this,” he said.

But if they don’t or can’t get their act together in a timely enough manner, the IAB Tech Lab has alternative options, such as implementing a standardized API created by a third-party or independent entity to retrieve an app’s identifying metadata. It would also work if the app stores developed an API to support Ads.txt, but it’s a heavier lift to implement and fairly unlikely.

“The main thing is that we want to deploy this as quickly as possible and make it be as similar as possible to deploy for developers as it is for website owners,” Buchheim said. “The field requires the least technical effort, and it’s a secure, enduring mechanism.”

Assuming the Ads.txt-for-apps initiative gets buy-in from the app stores, Buchheim expects rapid adoption among publishers. There might also be a knock-on effect that cleans up the third-party app store ecosystem, most of which is outside the US.

“Ads.txt resulted in a bit of a shakeout on the web, and the same thing could happen here,” he said. “If it takes off for apps, the illegitimate app stores that don’t participate will essentially be waving a flag that says, ‘Don’t work with us.’”

But Ads.txt won’t solve spoofing on its own, whether on the web or in apps. It works best in combo with Ads.cert, an OpenRTB spec set to be released soon that uses cryptographic security tech to verify ad space. Think of Ads.txt and Ads.cert as two-factor authentication for programmatic buying.

“Ads.txt is about authorized resellers and Ads.cert is about authenticating what you think you’re buying,” Buchheim said. “You can go to an authorized Rolex reseller, but suppose the reseller is shady and sells fake Rolexes. You need both to really stamp out fraud in any environment.”

Tagged in:

Must Read

Kickbacks Takes An Outsider’s View While Bringing Ads To AI Agents

Andrew McCalip is a founding engineer at Varda Space Industries, where he oversees the manufacturing of things like hypersonic reentry vehicles and satellite buses.

CTV Buyers Are Getting The Show-Level Performance Optimization They’ve Always Wanted

A collaboration between InterMedia Advertising, Peer39 and Pontiac Intelligence provided show-level cost-per-acquisition data for 94% of CTV ad impressions.

Advertisers Await Programmatic Pause Ads

The IAB Tech Lab is working on standardizing programmatic signals for new streaming TV ad formats, including pause ads. Meanwhile, many brands are eager to add pause ads to their repertoire.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Why Media Mergers And Spin-Offs Don’t Always Keep Their Promises

With media megamergers, acquisitions and spin-offs left and right, the media landscape is changing at a pace that is difficult to keep up with.

TransUnion is partnering with Blockgraph so that advertisers can use its identity data to target, reach and measure TV households across channels.

How This Disaster Relief Nonprofit Tapped First-Party Data To Reach Donors Year-Round

Staying top of mind for potential donors is an ongoing challenge for Direct Relief. Nexxen’s audience curation helped it spread and sustain awareness.

Why Major UK Publishers Are Finally Joining Forces To Curate Ad Inventory

Atria’s collective approach is a response to growing monetization challenges and the need to protect the value of human journalism in the AI era.