Home Mobile Why Apple’s SKAdNetwork Could Spur Ad Fraud In IOS 14

Why Apple’s SKAdNetwork Could Spur Ad Fraud In IOS 14

Will Apple's SKAdNetwork make app marketing in iOS 14 more or less susceptible to fraud. The answer is yes, no and depends on the type of fraud.

SKAdNetwork is Apple’s homegrown solution for attribution.

Apple itself verifies when clicks lead to installs and shares that information directly with ad networks through an encrypted postback and without the need to pass an IDFA.

That should make app marketing in iOS 14 pretty much impervious to fraud … right? Well, yes and no.

It depends on what type of ad fraud you’re talking about, said David Gregson, a product manager at MoPub.

While SKAdNetwork is likely to help cut down on click and view-through attribution fraud, Gregson said, it could make mobile ad fraud trickier to track while also making it easier for bad actors to disguise fake traffic.

Although iOS overall is considered less susceptible to chicanery than the open-source Android operating system, the Apple ecosystem is still vulnerable to fake traffic, bogus clicks, non-visible ads and other common forms of ad fraud.

First, the good news …

With SKAdNetwork, the App Store becomes the mediation layer between the publisher and the advertiser. In order to keep the data flow anonymous, the notification about an install is sent via the App Store without any personally identifiable information appended.

In order to prevent fraud, a cryptographic signature is added to conversion postbacks that third parties can validate using a public key supplied by Apple. Mobile measurement providers (MMPs), such as Branch and Singular, are trying to position themselves as one-stop-shops to verify and aggregate Apple postbacks.

With this setup, claiming credit for fake ads and fake clicks gets much harder. In classic attribution fraud, a bad actor could simply tell an MMP that a user clicked and get credit even if there was no click at all.

“But a click only gets submitted to SKAdNetwork if a user actually sees an App Store view open up on the screen,” Gregson said. “That will make it more difficult to submit fake clicks in iOS than it used to be.’


AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

… and then the not-so-good news

But a number of possible side effects of the way SKAdNetwork functions – and of Apple’s IDFA opt-in requirement for iOS 14 – could open the door to bad acting.

Although the value chain on iOS will be more secure, that will only provide a “perceived notion” that iOS advertising is less penetrable to fraud, said Maor Sadra, CEO and co-founder of incrementality startup INCRMNTAL.

Because SKAdNetwork only sends aggregated campaign data to advertisers, attribution becomes a form of guesswork. There’s lots of wiggle room there.

“Fraudsters are having wild raves and sharpening their knives right now,” Sadra said.

Eliminating online identifiers, such as the IDFA, for example, makes it easier for fraud to masquerade as human traffic, said Luke Taylor, founder and COO of ad fraud protection vendor TrafficGuard.

Fraudsters will often simulate traffic as having opted into Limit Ad Tracking (LAT) as a way to obscure its origin, Taylor said. When users enable LAT, Apple returns a series of zeros rather than an IDFA, which prevents user identification.

Now that many users are unlikely to opt into IDFA tracking in iOS 14 – thereby becoming de facto LAT traffic – Limit Ad Tracking becomes the perfect cover for bad actors looking to hide invalid traffic. They don’t have to bother spoofing the IDFA anymore to send along with their fake iOS traffic.

“All they have to say is that they’re not passing the IDFA, because LAT is enabled,” Taylor said. “It’s a problem that will persist and can’t be easily solved by Apple.”

Or, perhaps, by the anti-fraud vendor community itself.

Although Apple’s user privacy and data use documentation for iOS 14 creates an exception that allows companies to track users without permission for the purposes of fraud detection, fraud prevention and security, the very nature of SKAdNetwork could prove challenging in the fight against fraud.

“In a perfect world without fraud, aggregated data doesn’t muddy the waters, you just do more modeling and it’s fine – but when you begin to think that some of that could be fraud, how do you identify it?” Taylor said. “It becomes easier for fraud to go undetected if it’s just one component of something larger.”

Must Read

It’s Open Season On SaaS As Brands Confront Their Own Subscription Fatigue

For CFOs and CEOs, we’ve entered a kind of open hunting season on martech SaaS.

Brian Lesser Is The New Global CEO Of GroupM

If you were wondering whether Brian Lesser was planning to take some time off after handing the CEO reins of InfoSum to Lauren Wetzel last week – here’s your answer.

Comic: S.P. O'Middleman's

TripleLift CEO Dave Clark Abruptly Exits After Setting The SSP On A New Trajectory

Dave Clark, who’s led TripleLift for the past two years, is stepping down, effective immediately, and is being replaced by a coterie of TripleLifters.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
shopping cart

Moloco Invests In Its Competitor Topsort As The Retail Media Stakes Go Up

Topsort can lean into Moloco’s algorithmic personalization, while Moloco benefits from Topsort’s footprint with local retailers in the US and in Latin America.

CDP BlueConic Acquires First-Party Data Collection Startup Jebbit

On Wednesday, customer data platform BlueConic bought Jebbit, which creates quizzes, surveys and other interactive online plugs for collecting data from customers.

Comic: The Showdown (Google vs. DOJ)

The DOJ’s Witness List For The Google Antitrust Trial Is A Who’s Who Of Advertising

The DOJ published the witness list for its upcoming antitrust trial against Google, and it reads like the online advertising industry’s answer to the Social Register.