News, news analysis, and commentary on the latest trends in cybersecurity technology.

Mobile App Developers Keep Fraudulent Traffic at Bay with Anti-Fraud API

The new API and SDK from Pixalate helps mobile developers avoid getting their apps delisted from app stores by detecting and blocking fraudulent traffic.

Hand holding white phone with robot icons in the background.
Source: Zapp2Photos via Shutterstock

Billions of dollars are spent annually on online advertising, making it a lucrative target for fraudsters intent on grabbing a piece of those funds. For app developers in the connect TV and mobile space, detecting and blocking ad fraud from their apps can be difficult without specialized tools.

Mobile and connected TVs have become breeding grounds for fraudsters, driven in part by a fragmented ecosystem of multiple app stores with millions of apps, says Pixalate, which provides a fraud protection and compliance analytics platform for connected TV and mobile advertising. Global losses to ad fraud exceeded $35 billion, the World Federation of Advertisers last year, with forecasts suggesting that losses would rise to $50 billion by 2025.

To address this gap, the company announced its Ad Trust & Safety API suite, a set of self-service APIs and SDKs for developers to incorporate fraud prevention technologies into apps for iOS, Android, Chromecast, Roku, Amazon Fire TV, Apple TV, and major gaming consoles.

“We believe fraud prevention technology should be accessible to all—because no one is safe from ad fraud until everyone is safe," Jalal Nasir, founder and CEO of Pixalate, says in a statement. "Developers now finally have the fraud prevention tools they need to protect their apps, preserve their brand reputation, and help eliminate widespread fraud."

Ad Fraud's Impact
At the core, fraudsters have one simple goal: misrepresent online ad impressions and generate revenue. There are more than 40 different tactics the fraudsters can use to reach their goals, such as using a botnet to bombard the app with fake user traffic, sending non-human traffic (referring to traffic originating from data centers, headless browsers, and known crawlers), and spoofing traffic to look like a user when it isn't. Device hijacking occurs if the user has adware or malware already on the device.

According to Pixalate, app spoofing is the primary type of ad fraud for connected TVs and device hijacking via adware and malware is the primary type on mobile devices.

For app developers, if they don't try to block Invalid traffic or bot traffic — which can lead to fake clicks on ads — they run the risk of being banned by ad networks and getting the app delisted from major app stores. And if the app gets delisted, there is a financial impact, as developers deal with clawbacks, where ad commissions must be returned.

The problem is that many developers are not even aware of the fraudulent traffic flowing through their applications, and "left in the dark" regarding how they could improve traffic quality, the company says. It's a vicious cycle: they don't know how to block fraud, so they wind up experiencing more fraud.

In an analysis of more than 5 million mobile apps across the Google and Apple app stores, Pixalate found that more than 813,000, or over 15%, of apps were delisted in the first half of 2021. These were widely used apps — with over 9 billion downloads from the Google Play Store and over 21 million consumer reviews on the Apple App Store prior to being delisted. Delisting could be caused by various factors, including having functionality that violate app store policies and fraud.

Baking Security Into the Apps
Developers can build fraud protection features into the overall workflow with Pixalate's new API and SDKs. The anti-fraud technology would be able to quickly check and evaluate if a user is fraudulent, and block the traffic if it's not a legitimate user. Developers can also look up how service providers would evaluate the app based on various risk criteria, the company says.

Machine learning models help detect non-human traffic patterns that indicate ad fraud, Pixalate says. The company processes 2 trillion data points a month to calculate fraud scores of 2.5 billion mobile devices and block the fraudulent traffic.

The API, which currently supports Curl, C#, Go, Javascript, Node.js, and Python, can be incorporated into the apps with just a few lines of code, the company says.

About the Author

Fahmida Y. Rashid, Managing Editor, Features, Dark Reading

As Dark Reading’s managing editor for features, Fahmida Y Rashid focuses on stories that provide security professionals with the information they need to do their jobs. She has spent over a decade analyzing news events and demystifying security technology for IT professionals and business managers. Prior to specializing in information security, Fahmida wrote about enterprise IT, especially networking, open source, and core internet infrastructure. Before becoming a journalist, she spent over 10 years as an IT professional -- and has experience as a network administrator, software developer, management consultant, and product manager. Her work has appeared in various business and test trade publications, including VentureBeat, CSO Online, InfoWorld, eWEEK, CRN, PC Magazine, and Tom’s Guide.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights