Update: An earlier version of this article stated that click injection is when a fake app is created for malicious purposes, but it is actually when a real, low-quality app is created to trigger fraudulent clicks. The article has been adjusted to reflect this.
A type of ad fraud that has dogged the industry for decades reared its head again this week: click injection.
Facebook announced it is suing two app developers that have used click injection on its platform in order to fraudulently generate ad revenue. Fraud experts have described that this particular case of malicious attack, and Facebook’s response, as unprecedented. Need a refresher on why this is a big deal? Here’s a primer.
OK, what is click injection?
There are tons of varieties of ad fraud, and click injection is a type used by fraudsters on apps specifically. It has evolved from click spamming (when a fraudster attributes clicks to users who haven’t made them), and is when a fraudster creates a low-quality Android app that is purposefully designed to hijack a user’s device and create a legit-appearing click in order to siphon revenue from campaigns that are measured, and paid for, on a cost-per-install basis on mobile devices. As part of the process fraudsters can detect when another app is about to be downloaded, and trigger clicks right before the install completes. The fraudster then gains credit for the installs.
This isn’t new, so why is it coming up now?
Click fraud has been around for a couple of decades, but never before have there been examples of mobile apps designed specifically for a fraud scheme that exploits both Google’s Play Store and Facebook’s Audience Network, until this week. On July 13, Facebook sued two app developers — LionMobi in Hong Kong, and JediMobi in Singapore — that it had discovered were deploying the tactic on its platform to generate fraudulent revenue. “Facebook is signaling to the world that third parties are or have been abusing their platform,” said Augustine Fou, independent anti-fraud consultant.
What were more common former techniques?
Previously, bad actors inserted malicious code into otherwise legitimate apps in order to register false clicks in the background, according to Mike Bittner, associate director of digital security and operations at The Media Trust. Google recently banned an app called CooTek, which featured malicious adware for instance. “Lionmobi’s and Jedimobi’s apps show malicious developers’ deepening knowledge of the various digital ad supply chains and appear to be improving their mastery of infiltrating the walled gardens,” said Bittner.
So who does this hurt?
Marketers mainly. The tactic enables fraudsters to trick advertisers into thinking users have engaged with, or clicked on, their ads. The result is that those advertisers may think those channels are performing well, and so they will continue to spend or even increase their spending amount. So it mucks up the accuracy of marketers’ data, creating a real attribution headache for marketers. But like any ad fraud, it’s not good for anyone in the digital ad supply chain.
Why is it important Facebook has sued these developers?
Platforms including Facebook are under heaps of regulatory scrutiny, for various reasons including data privacy. After the Cambridge Analytica scandal, Facebook will likely be keen to, at least be seen to, keep its nose clean, both to consumers and data protection regulators. “It makes sense that these companies [tech platforms] will want to maintain or restore consumer and business confidence in the security and privacy of their digital ecosystems,” added Bittner. “They want to avoid the fines, the headlines, and any other issues that can hurt consumers and their business.”
Ad fraud has always been likened to a game of whack-a-mole. Is Facebook’s lawsuit likely to make much of a difference?
It could. Much of the digital ad industry infrastructure is predicated on the model where high revenues are generated from high volumes of ads delivered. Some believe that this has been what has allowed fraud to fester for years — that ad tech vendors aren’t typically incentivized to quash ad fraud because they do well from high volumes of ads running through their platforms, whether they’re legitimate or not. But Facebook’s no-tolerance stance to these two app developers this week may make a real difference. “I see the momentum building where mainstream companies are finally starting to sue fraudsters, thus making it a bit harder for fraudsters to get away with it or do fraud without a care in the world,” added Fou.
Publishers say the competition is steeper than expected for event sponsorship dollars this year
Selling events was harder than expected for some publishers in Q2, but having a niche helped win some of the coveted sponsorship dollars.
Why some publishers are giving their AI chatbots a personality
BuzzFeed and Ingenio are hoping giving their chatbots a unique voice and tone will differentiate their AI products but others are prioritizing utility over entertainment.
Digiday+ Research: Nearly two-thirds of publishers think they will lose when the third-party cookie dies
Publishers have been busy prepping for the end of the third-party cookie, but that doesn't mean they think they'll come out on top in the post-cookie era. In fact, publishers count themselves among those who stand to lose from the end of the cookie.
SponsoredWhat the measurement and currency discussion really means to TV advertisers
Ali Mack, head of TV and agency, Experian Major streaming video providers have recently made headlines by adopting new currencies for ad measurement, threatening Nielsen’s long-standing TV ratings monopoly. NBCUniversal, for example, has certified iSpot and VideoAmp as currencies for advanced audiences and formed the Joint Industry Committee with Paramount, TelevisaUnivision and Warner Bros. Discovery. […]
Media Briefing: Publisher execs fear lack of visibility for Q3, but feel steady year over year
Publisher execs share how Q2 shook out for their businesses as they brace for an equally murky second half.
As AI spreads across the marketing landscape, data’s role will be key to success or danger
There’s a growing awareness of the risks inherent in AI's ultra-powerful potential, but whether enough steps are being taken to mitigate them remains a huge question mark.