How Fraudulent App Publishers Are Draining Your Advertising Budget

Marc Rubia Criado
Marc Rubia Criado Thu, Aug 4, 2022

Fake apps, malware, and adware traffic have been causing havoc for legitimate ad campaigns for a long time. Given that there are millions of Android users all over the world and countless developers publishing apps, you need to block every fraudulent app before it can cause damage. 

With programmatic display ad spending higher than ever, advertisers running app-based campaigns must keep an eye on apps that might not be as legitimate as they seem. 

We've studied fraudulent apps and have found some in the Play Store with up to hundreds of thousands of user downloads, all with the potential to drain your advertising budget.

Just because an app is published, that doesn’t automatically mean it is safe. 

Read on to discover how app-based ad fraud is performed, how to identify fake apps, and the devastating effects they can have on your campaigns. 

What detrimental effects do fraudulent apps have on advertising budgets?

Advertisers everywhere suffer major consequences from fraudsters targeting their ad campaigns. 

Fake ad engagements

The bottom line is that for every fake ad engagement your campaign receives, the more of your ad budget is wasted. Fraudsters capture a substantial share of ad budgets, which is money that could be spent elsewhere on real and valuable users. And, as you’ll see in the section below, we’re not talking about a handful of user installs -- we’re talking about hundreds of thousands.

Theft of payouts

Despite the fact that the engagements are faked, fraudsters receive final payouts. Not only is this deeply unfair, but it results in the theft of real conversions. Advertisers are still being invoiced for the fake views, which particularly impacts advertisers using a CPM campaign model.

Skewed analytics

Often, your campaigns are only as good as your analytics. If you’re working with data flawed by fraudsters’ handiwork, this will negatively influence your future campaigns and ad spend budgets.

Reputation

Most fake apps are published in beta mode, which means users cannot leave reviews and warn other users against downloading them. These apps are also frustrating for users as they are tricked into thinking they will begin to work. Eventually, they cause reputational damage since users associate the ads of the brands being published with the annoying experience on the app.

How do fraudulent apps get published?

Each app marketplace has its own regulations and requirements when it comes to publishing apps. Fraudsters are innovative and know exactly how to get away with hosting fake apps and engaging fraudulently with ads in the Play Store. While some of the ad fraud techniques they use are more sophisticated, the methods they apply to make the apps seem harmless and legitimate and avoid detection are often quite simple. Let’s take a look at how they do it.

infographic of how fraudulent apps get published - opticks

Publish apps in beta mode

Fraudsters will often publish apps in beta mode. While legitimate app developers use beta mode to get user feedback on features and test the waters, fraudsters use it to soft-launch fraudulent apps to avoid garnering user reviews.

Basically, users can’t leave public reviews once they’ve installed and accessed fraudulent apps in beta mode.

Use fake content on the Play Store page

Fraudsters will use legitimate-looking screenshots of an app in use, as well as stolen or improvised text, to make an app appear safe and lure users into installing it so that they can generate fake ad impressions, clicks, and leads.

Purchasing existing apps

Sometimes, fraudsters will buy existing apps that have been left dormant or given up on by developers and use them to fraudulently display and engage with ads.

Why don’t app marketplaces always remove fraudulent apps?

Although there are many recorded instances of app marketplaces removing fraudulent apps once they’ve been discovered -- Google, for example, withdrew more than 1,700 Android apps infected with Bread malware in 2020 alone -- the core problem is that fraudsters are able to publish them.

Also in the case of Google, modern fraudsters can circumvent its prevention techniques and insert their apps into the Play Store.

So, while there are numerous cases of fake apps being removed, the sheer amount of them launched every day makes it nigh-on impossible for even Google to keep track of.

At Opticks, we analyzed and detected fraudulent apps before Google had the chance to identify them. Not only did we detect the fraudulent app traffic, but we blocked it from infiltrating clients' ad campaigns.

To protect campaigns from fraudulent apps, we also regularly check that apps that are delivering traffic are on the Play Store. Plus, both our anti-fraud specialists and customers are able to view the app names that are delivering traffic to campaigns. This way, we can both check whether the app is wanted and also verify its legitimacy manually before blacklisting it.

The common types and techniques used in app-based ad fraud

There is no single way that fraudsters attack your app-based ads -- in fact, they employ many types of ad fraud and ad fraud techniques to illicitly engage with them and drain your budgets.

Below, we go through the most common types of ad fraud and the tactics fraudsters use to prey on your ad campaigns.

SDK spoofing

This bot-driven mobile ad fraud method sees fraudsters creating fake, though seemingly genuine, app installs and post-install events. They achieve this by adding code to an app that can later trigger simulated ad clicks, app installs, and fake engagements.

Fake app attacks

Similar to SDK spoofing, fraudsters also create fake app “attacks”. This method involves creating fake apps as part of a (usually sophisticated) fraud campaign for maximum diffusion.

Often, these apps look extremely similar to other well-known apps, and sometimes even use the same branding, name, and content as them.

Silent, hidden background ads

Hidden background ads deplete advertising budgets with fake views. This type of app-based ad fraud was highlighted in the 2020 Drainerbot campaign, where fraudsters ran apps silently to generate fake video views.

Ask users to enable certain permissions in the app

Fraudsters are incredibly sneaky. Once users have installed apps, they ask them to allow extra permissions (that the app doesn’t require to run) in order to deliver ads. The typical case globally is when apps ask users to enable notification management -- and then abuse that permission to send hordes of ad-containing notifications.

Each permission granted enables certain actions, such as notification, internet, and “receive SMS” permissions. Some of these aren’t considered dangerous (such as internet access) and require no user confirmation, while others require explicit user confirmation.

The requirement of enabling permissions that aren’t necessary for the app to run (e.g. sending and receiving messages for a flashlight app, or notifications for a camera app) should raise suspicions of fraud.

Content locking and fake content techniques

Content locking is when you have to perform an action such as registering or clicking through to gain access to the app. As well as getting false permissions, fraudsters also try to disguise the ad register as if it is the app login.

As you’ll see from some of the real-life examples later in this article, fraudsters also use fake content to lure users into downloading apps with features that they don’t actually have or which are not even technically possible.

How to identify fraudulent apps in the Play Store

Although Google has implemented multiple security checks to prevent malicious apps from entering the Play Store, several fraudulent apps remain undetected.

So, how can fraudulent apps in the Play Store be spotted? There are a few tell-tale signs:

  • Apps with zero user reviews and/or those published in beta mode can be a red flag for ad fraud. For this reason, it’s good practice to always double-check user reviews.
  • Some apps promise to deliver features that aren’t possible or easy to perform via Android. If an app claims it can change the charging screen or recover deleted media, this is a likely tip-off that it’s fraudulent.
  • Always check the developer’s email address and how many apps they’ve published. If they’ve only published one app and have an odd-looking email address, this app is probably not legitimate.
  • If the app description is low quality and ridden with typos and grammatical mistakes, this can also be a sign that a scam awaits the user after installation.

    5 examples of fraudulent apps found in the Play Store

    So, what do fraudulent apps actually look like? Below are five real-life examples of fraudulent apps found on Google’s Play Store – all of which have a minimum of 100,000 user downloads, so their potential for ad fraud is massive.

    Ultra Games

    100,000 user downloads

    Ultra Games gives the appearance of a “game toolbox”, when in reality -- as seen in the video below -- it contains nothing at all. This is a perfect example of the fake content technique.

    Once the app is downloaded, it opens a full-screen ad. The app cannot actually be used; the only thing it does is open the ad, for which the advertiser is invoiced.

    As this app is published in beta mode (see above), the user cannot even review the app and prevent other users from downloading it.

HubSpot Video

 

Flashlight LED

100,000 user downloads

Despite its name, the Flashlight LED app does not provide an LED flashlight upon download. It actually uses the hidden ad technique to illegitimately charge advertisers for unseen views.

As seen in the video, once the app is opened, a fake error -- imitating a system error -- appears. Flashlight LED also has a long loading screen before the app opens. This loading dialogue is a cunning way to run operations in a remote server to check if there are ads to deliver to specific advertising segments or locations.

Like the Ultra Game app, Flashlight LED has also been published in beta mode to avoid receiving user reviews.

HubSpot Video

 

Recover App

500,000 user downloads

The Recover app is similar to the Flashlight LED app: it displays hidden ads, has a long loading screen, and is in beta mode.

HubSpot Video

 

Charging Animation Light

100,000 user downloads

The Charging Animation Light app pretends to provide users with a range of animations that are displayed while their devices are charging. In reality, it uses fake content, hidden ads, and beta mode techniques, with similar duplicitous loading screens and fake error messages as the apps described above.

HubSpot Video

 

Pony Camera

500,000 user downloads

This app allows users to change their hair into “pony hair” via their cameras. However, they can't access the app until they allow notification management permission, something that shouldn't be required. This is actually a content locking technique employed by the app to then constantly send ad notifications to the users. Surprisingly, the app has no user reviews, even though it hasn't been published in beta mode.

HubSpot Video

 

Being aware of fraudulent app publishers is only the first step

Many fraudulent apps aren’t caught and blocked by marketplaces, causing huge problems for advertisers.

And, even though developers might look different on the surface, multiple ad fraud schemes have reached millions of installs with global reach to multiple advertisers. While you can manually check your placements and publishers for unknown, suspicious publishers, this isn’t an efficient use of your time and resources.

Opticks' fraud detection solutions give you deep visibility into the origin of your traffic -- including apps and their Play Store status -- to block fraudulent app traffic before it can drain your budget and destroy your campaigns.

To learn more about how the expert team at Opticks can help protect your advertising campaigns, contact our expert team today for a free demo.

BOOK A DEMO

 

 

 

 

 

 

 

 

Topics: Ad Fraud Blog