Scam phone apps serve invisible ads, consume data and battery

24 Jul 2015

15% of smartphone apps can scam you, study finds.

According to a new study by ad fraud detection firm Forensiq, close to 15 percent of all mobile apps load ads while you use them that you might not even see. The invisible images and videos can gobble up your data plan, while reporting back to advertisers that you’ve viewed an image, consequently earning the app developer some cash in the process. But when it comes to ad fraud, one research firm says many slip through the cracks—serving hundreds of unseen ads and destroying your battery life and data plan. That’s fooling advertisers and their ad agencies into thinking real people saw their ads, costing them billions of dollars a year in wasted spending. The apps request access to settings like preventing the device from sleeping, modifying and deleting memory and tracking your location, which are often unnecessary for the app’s purported function.

Just over 13% of ads served up across apps on Android, Apple and Windows mobile devices were concealed from sight in this manner, the firm concluded from an analysis of more than 16 billion views on 12 million devices. “We wanted to show the public how blatant and obvious and hurtful all this fraud is — not just to advertisers who pay for ads that no one sees but also people using these apps on these tiny devices that are bandwidth-limited and power-limited,” Forensiq’s chief scientist, Mike Andrews, told Mashable. There are already several well-known varieties of mobile fraud, including device emulation, mobile user-agent and location spoofing, and fraudulent user-acquisition methods. Anti-ad fraud firm Forensiq is out with a new report today that adds yet another kind of massive ad fraud to the growing pile of options — thousands of apps that secretly and quickly load hidden ads.

The firm arrived on this data by tracking the inner workings of ad exchanges, or digital marketplaces that auction off the screen space in front of you to advertisers in real time as a page or app is loading. But Forensiq says that its research has uncovered a new variety, which it calls “mobile device hijacking.” In this process, malicious mobile applications pretend to exhibit human behavior by loading new pages or cycling through functions in an app, all of which loads advertising. Advertisers are paying about $850 million for these ads each year, according to the report, and the apps with the highest rate of ad fraud can burn through 2 gigabytes of data per day on a single device. These apps, of which there are at least 5000 across platforms, rapidly load and invisibly display ads on a smartphone or tablet even if the app hasn’t been launched. If you accidentally grant access, that means that an app could be running and serving ads, and consequently adding to your mobile data bill, while your phone is sitting on your nightstand.

It’s difficult for legitimate companies in the ecosystem to identify and combat fraudulent players, and in some cases, those legitimate companies may not be motivated to spend their time and money weeding out bad actors. But they load far more ads than any normal application would—as many as 20 ads per minute—and in many cases they do so in the background when the app isn’t being used—which means they are never seen. In many ways, these apps act like botnets that scam users, but where botnets are usually unintentionally installed on desktops, these apps live in trusted app stores. If you want to make sure you’re not getting taken advantage of, it’s always a good idea to occasionally go into your phone’s settings and note which apps on your phone are using a tremendous amount of data or power.

Forensiq estimates that about 1 percent of mobile smartphone users in the U.S. run at least one app with this ad-serving flaw, and that number increases to 2-3 percent in European countries. But as Forensiq points out, most PC malware is downloaded without the user’s knowledge via email or infected webpages, whereas mobile app fraud comes from apps that users download willingly. Many of them are simple games or utilities, and they seem to have real users. “It’s not Angry Birds or Candy Crush, but these are apps that people play and enjoy and some real effort went into developing,” says David Sendroff, Forensiq’s founder and chief executive. It found the apps by using the real-time tracking data that it gets from the various mobile ad networks that it is integrated with, which allowed it to look for the kind of rapid ad-loading and background functions that most malicious apps exhibit. By the way, the 5,000 apps identified by Forensiq are mostly obscure games and other apps intended specifically to hijack the phone, not popular ones such as Candy Crush or Angry Birds.
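The two signals the article describes (a very high ad load rate and ads loaded while the app is in the background) can be checked over impression logs. The sketch below is an added example, not Forensiq's tooling. The event fields, app names and the background cut-off are assumptions, and the 20-per-minute threshold simply reuses the article's figure.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample events: (epoch_seconds, device_id, app_id, app_in_foreground).
# Field names and values are assumptions, not a real ad-exchange log format.
def sample_events():
    events = []
    # "com.example.puzzle": one ad every 30 s while the user has the app open.
    for t in range(0, 300, 30):
        events.append((t, "dev-1", "com.example.puzzle", True))
    # "com.example.flashlight": one ad every 3 s while the app is in the background.
    for t in range(0, 300, 3):
        events.append((t, "dev-2", "com.example.flashlight", False))
    # "com.example.news": busy but visible, 10 ads per minute in the foreground.
    for t in range(0, 120, 6):
        events.append((t, "dev-3", "com.example.news", True))
    return events

@dataclass
class AppStats:
    peak_ads_per_minute: int
    background_share: float
    suspicious: bool

def score_apps(events, rate_threshold=20, background_threshold=0.5):
    """Flag apps whose peak ad rate and background share both exceed the cut-offs.

    rate_threshold=20 echoes the article's "as many as 20 ads per minute";
    background_threshold is an assumed cut-off for illustration.
    """
    per_minute = defaultdict(int)          # (app, device, minute) -> impressions
    totals = defaultdict(lambda: [0, 0])   # app -> [all impressions, background ones]
    for ts, device, app, foreground in events:
        per_minute[(app, device, ts // 60)] += 1
        totals[app][0] += 1
        if not foreground:
            totals[app][1] += 1
    report = {}
    for app, (total, background) in totals.items():
        peak = max(n for (a, _, _), n in per_minute.items() if a == app)
        share = background / total
        flagged = peak >= rate_threshold and share >= background_threshold
        report[app] = AppStats(peak, share, flagged)
    return report

if __name__ == "__main__":
    for app, stats in sorted(score_apps(sample_events()).items()):
        print(app, stats)
```

Requiring both signals keeps a busy but visible app (the constructed news app) from being flagged on rate alone.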

One of them was a breastfeeding app for Apple devices published by American Baby magazine and app developer Sevenlogics; the invisible ads tout Olive Garden, Amazon, and IBM. These fraudulent apps make an average of 1100 connections per minute, communicating with as many as 320 ad networks, ad servers, exchanges, and data providers in an hour.

They may not display ads but may be the victim of app spoofing, in which a dodgy publisher or ad network may change the app headers as they’re passed to a mobile ad exchange to make them look like a different app. For one, antivirus software can’t detect it. “It takes some skills to find these bad guys,” Sendroff says, and advertisers will need to work with services such as–yes–Forensiq to catch the malicious apps. I also noticed the pop up ads became more tricky to avoid accidentally clicking on, and now I swear my phone takes me straight to the App Store when I haven’t even touched the screen after the pop up appears. In addition to malicious apps, the company says it also saw some apps that don’t even display ads showing up in its scan of ad behavior—including BlackBerry’s BBM messenger—which suggests that other apps are spoofing their unique identifiers. Unfortunately it’s too late for me to switch apps because all my info is wrapped up in this one.” Complaints about crashing and slowness are also common on reviews for a series of silly games for Android devices with names like Waxing Eyebrows, Celebrity Baby, and Vampire Doctor, all published by the developer Girls Games Only.

Forensiq’s video shows these also running code that produces a steady stream of unseen advertisements from companies like Microsoft, Coca-Cola, and Mercedes Benz. He told me Forensiq had been unaware “mobile device hijacking was used by readily available apps to commit ad fraud,” and was surprised by the extent of the problem. Also, check out what permissions an app is requesting, since some want to run on startup. “We believe that a lot of the fraudulent traffic is coming from users who installed apps and forgot they are still present on their phone or tablet.

To obtain the data behind this report, Forensiq developed custom capture and analytical tools, and conducted tests for hundreds of hours over two months. Fraud is endemic in the online advertising world, and the victims—the brands paying for the ads—often lose track of where their ads end up once they are traded through several automated layers of middlemen.
