Mobile marketing networks are getting good at geo-fencing for advertisers, but they need to get better at fencing out bogus ad traffic perpetrated by robotic programs.
Computer hackers are intensifying their infiltration of mobile ad networks, according to a Bot Traffic Market Advisory released this week by Solve Media, whose Type-In advertising platform is designed to repel non-human visitors. The ad platform’s tracking of some 7 million mobile transactions in Q1 2013 identified 29% of them as suspicious and confirmed that 14% were confirmed as bots.
“It’s easier for bad guys to infiltrate mobile,” says Solve Media CEO Ari Jacoby. “It’s a much newer technology and the industry lacks the sophistication to stop it. We’re seeing an alarming increase in mobile traffic comprised of bots and not humans.” Advertisers will waste close to $1 billion on bogus mobile publishers and leads in 2013, the study estimates.
Hackers scam advertisers by creating websites with bogus content and then populating them with ‘visitors’ that are in actuality hits registered by robotic programs. Advertisers buying via ad networks pick these sites as relevant to their media plans, identify them as low cost, and run ads. They often see incredible conversion rates that keep them coming back, even though the conversions are scammed by bots.
“The tech vendors in mobile need to catch up with the bots. We’re seeing a tremendous rise in suspicious traffic,” says Eric Litman, CEO of third-party mobile ad server Medialets. “It doesn’t really take that much to get some safeguards in place. Advertisers can start by putting the pressure on their vendors. Ask publishers and networks how they are addressing the problem.”
One of those tech vendors, however, says it can get a little more complicated than that. “You can’t just ask the vendors what they’re doing. You have to ask the vendors what they’re doing and see that it fits in with your environment,” says David Schwartzberg, senior security engineer at Sophos, an IT and data security provider.
Schwartzberg agrees that the challenge is made greater in mobile, not only by the newness of it, but by the nature of it, as well. A new mobile “Trojan horse” — in computer security parlance–called ZitMo allows hackers to control mobile programs from mobile devices. “This gives the hackers more mobility,” says Schwartzberg. “Previously, they needed to be on computers and servers and they don’t have those limitations in mobile.”
Bottom line is, there is no easy answer to the bot problem. Litman calls it a “never-ending cat and mouse game,” and Schwartzberg concurs. “Bot authors know what they’re going to do two or three steps ahead,” the security expert says. “As soon as the advertising community gets one problem solved, they launch the next.”
Bots operate differently in mobile than in the desktop space, since it is apps they need to infiltrate in addition to websites—specifically, Android apps. They cannot penetrate iOs apps, which exist in a so-called “walled garden” environment that allows entry only to authorized software. When a mobile user opens an app that a hacker’s malware has penetrated and then closes it, the malware remains behind to track behavior. That saps memory even when a mobile device user closes out. This provides mobile marketers with a quick and cheap detection method. “Go to the reviews page of your app and scroll down to the one-stars,” says Schwartzberg. “If there are a lot of them saying that your app drains their batteries, that’s a great indicator of malware.”
On the industry front, the Interactive Advertising Bureau recently introduced the formation of a “Traffic of Good Intent” task force charged with raising awareness of “non-intentional” ad traffic and recommending solutions. It is chaired by Federated Media Executive Chairman John Battelle and media6degrees President Penry Price.