Smartphone Apps Fraudulently Collecting Revenue From Invisible Ads

JoeyRox writes: Thousands of mobile applications are downloading ads that are never presented to users but which collected an estimated $850 million in fraudulent revenue from advertisers per year. The downloading of these invisible ads can slow down users' phones and consume up to 2GB of bandwidth per day. Forensiq, an online technology firm fighting fraud for advertisers, found over 5,000 apps displayed unseen ads on both Apple and Android devices. "The sheer amount of activity generated by apps with fake ads was what initially exposed the scam. Forensiq noticed that some apps were calling up ads at such a high frequency that the intended audience couldn't possibly be actual humans."

Slashdot

[Anonymous Coward]

Cough.

Is there a list of the fraudulent apps?

[Taco Cowboy]

Whether or not those apps can be removed I think it would be best if there is a list of the fraudulent apps, and if possible, the frequency of those apps downloading the invisible ads (to enable the users to calculate how much bandwidth those invisible ads are costing them)

Gee, I'm really torn...

[jenningsthecat]

On the one hand, fraudsters who steal phone users' bandwidth in order to reap revenue from advertisers, are scum.

On the other hand, so many advertisers are scum as well, and the enemy of my enemy might be my friend. I might be willing to lose a bite out of my data cap in order to stick it to advertisers. Oops, did I say that out loud?

Re:

[mlts]

The ad industry is a bubble. Look at the clickbait ads pushed at you constantly. Obama's HARP, reverse mortgages, asking how much your car is worth, "free" [1] $100 Amazon gift cards. Programs that are dodgy at best. "criminal background checks" that demand a ton of your info... then want $35-50 for the check. Yes, there are a few relevant items, but most presented are at best dodgy.

What they are selling are not ads. They are selling the data that gets slurped off your phone or computer, which is why

Re:

[bondsbw]

So, what you're saying is...

- Users are not forced to pay once cent to obtain any of the content
- Users find products they are interested in, and are priced reasonably enough that the user wants to purchase the product
- Sellers find potential buyers they might otherwise not find
- Sites make money to encourage continued generation of content

And on top of that, users can block ads just by installing AdBlock.

I'm really having a hard time finding the downside in this.

Re:

[mlts]

Websites existed well before ads came around. There are other models to make revenue, be it subscriptions, microtransaction based clearinghouses [1], grants, or other ways.

People are inventive. The Internet as we know it would survive if all the third party behavioral monitoring, tracking, ad-slinging, and shovelware/malware companies took a powder.

[1]: None of these solutions are perfect, but the current ad model can be abused as well.

Re:

[Aighearach]

Websites existed well before ads came around.

Sizzling Steak may not have come before the programmable philosophic engine, but I'm pretty sure they beat out the WWW.

Re:

[farble1670]

Websites existed well before ads came around. There are other models to make revenue, be it subscriptions, microtransaction based clearinghouses [1], grants, or other ways.

the early web was experimental and non-profit, but that was really, really early. the internet boom has had ads since day one. there was never a time when websites were (primarily) supported by subscriptions, microTxs, etc.

but anyway, if people could make more money that way, do you think they would? or what, no one has thought of it yet, and the world's just waiting for your insight into website profitability? no, almost no one supports themselves in that manner because it's not viable. any web product i k

Re:

[tompaulco]

I only indirectly stick it to advertisers because websites throw so many ads in my face it bogs down the site, which all but forces me to use Adblock.

I don't blame the advertisers, without them all sites would be Pay to Enter, unless you're a Wikipedia and can get people to give you money every year. I prefer the internet stay free, and I'm willing to deal with ads if they aren't force fed down my throat.

That is untrue. Before advertisement on the internet, there were still millions of sites. At some point, somebody decided we needed to "monetize" all these sites, and that is when advertising started happening. Without advertising most of the information on the internet would still be available, because most of it is available adfree somewhere on the internet already, it is just harder to find it now because of all the sites that basically are just link farms with ads and have no actual useful content of t

Re:

[Kokuyo]

Data cap? Is that really still a thing?

Re:

[wardrich86]

Sure is in Canada. My theiving provider actually has the gall to charge $15/gig over the limit, too. $15! Our plans our nuts, too. I pay over $100/mo for 8 gigs... and that's a reduced rate. Normally it'd probably be closer to $150 or more for the plan.

Re:

[Calydor]

For those who don't think to do the math, the 2 GB per day mentioned in the summary would amount to a monthly expense for you of 880 dollars - and that's if you don't do anything with the phone yourself.

Re:

[wardrich86]

Luckily (and I should have mentioned) there is I think a $50 or $100 cap on that fee.

Re:Gee, I'm really torn...

[GrumpySteen]

Maxim 29: The enemy of my enemy is my enemy's enemy. No more. No less. [schlockmercenary.com]

Re:Gee, I'm really torn...

[Solandri]

While you may disagree with the price exacted by advertisers, they are still providing you with something in exchange. They help pay for the website you are visiting. Without their ads, the site likely wouldn't exist, or would exist in a considerably less useful form.

Ad fraud steals money from advertisers, period. They are taking money from the advertisers without providing a good or service in exchange. This is theft.

Re:

[mjm1231]

While you may disagree with the price exacted by advertisers, they are still providing you with something in exchange. They help pay for the website you are visiting. Without their ads, the site likely wouldn't exist, or would exist in a considerably less useful form.

Counter argument: Ads on a website inherently cause the website to be in a considerably less useful form.

Re:

[Ol Olsoc]

WAd fraud steals money from advertisers, period. They are taking money from the advertisers without providing a good or service in exchange. This is theft.

Tough fucking luck.

I'm not going to load malware on my computer just to please some advertiser.

I'm not going to pay extra money for the bandwidth they steal from me so they can load malware on my devices.

I'm not going to wait 4 or more times as long for the webpages to load just to have "What a housewife in Pennsylvania found that has the insurance companies worried" clutter my screen.

Small and static non-tracking ads - I'll look at those all day.

But the right to serve ads does not include the righ

Re:

[GNious]

There's a flaw somewhere here I think.
The more fraudulent behaviour, the less valuable the individual ad/impression becomes, the bigger the need for fraudulent behaviour.

Re:

[Ed Tice]

The real answer to this is for those developing the fraudulent apps to share a portion of their revenue with you! Then everybody but the advertisers wins!

Re:

[LessThanObvious]

What if they just steal the ad revenue and pretend to send the ad? If it's invisible it does no good to send it at all. Even in matters of fraud, please no half measures. We could even have a service where a host out the cloud takes your place and receives ads and even pretends to click links and thus pretends to be you for all advertising purposes, yet your phone or PC never has to receive the data at all. The advertising profile could be attached to a pseudonym, so it doesn't compromise your privacy or se

Re:

[austinpoet]

The enemy of my enemy is my enemy's enemy. Nothing more.

Re:

[s.t.a.l.k.e.r._loner]

You might be misunderstanding what many of those permissions are needed for. Yes, GPS is not needed for non-navigation apps. But if a game requires any sort of internet access (even for "high scores" or some other bullshit, and certainly for serving you the ads that they thought were necessary to make the game free), it's going to request wifi access so that it can communicate when you're connected to wifi as opposed to burning often limited cell network data. If the game has any function for inviting or sh

It depends on your theory of value

[Etherwalk]

You should only pay out on pay-per-click, and even then, the payout should be largely affected by how long that user stayed after clicking an ad, whether they bought anything, etc.

Under a Lochean earned income theory of value (i.e. you should get paid for what you earn), paying an advertiser based on how successful you are at *retaining* customers sent your way seems wrong in most cases. The advertiser is then earning or not earning money based on how good of a job *you* are doing at retaining customers, rather than based on how good of a job *they* are doing at sending you customers.

There is one relevant component there still which is whether they are sending you the *right* custom

Re:

[AvitarX]

The advertiser could stop showing ads that don't generate revenue.

The advertiser wants to get revenue per ad shown, but they could offer businesses different ways to pay.

Pay per a click (sites that exist on advertising themselves may prefer this model), pay per a view (brands such as coke or pepsi may prefer this), pay per revenue (sites that actually sell things may prefer this). The ad network only cares about pay per view, but if one ad has a huge click through percentage, they could list that ad, and ev

2GB per day? Really?

[StayFrosty]

[quote]The downloading of these invisible ads can slow down users' phones and consume up to 2GB of bandwidth per day.[/quote]

While this is an interesting revelation, I'm not really sure what the fear-mongering is all about. What is Forensiq trying to sell here?

Re:

[Anonymous Coward]

They sell a platform to marketers. The platform attempts to filter out such invisible ad downloads, and it does other things like showing end-consumers the actual address of an ad if it's wrapped in a bunch of iframes.

This story isn't aimed at you, unless you're a marketer looking to avoid paying for ads that customers never see.

Re:

[Coren22]

On Verizon's network, 1 GB costs $10, so 2 GB * 30 days * $10 = $600. That would be a big deal to me if my kids were playing this game with their 4G connection turned on.

Re:

[farble1670]

On Verizon's network, 1 GB costs $10, so 2 GB * 30 days * $10 = $600. That would be a big deal to me if my kids were playing this game with their 4G connection turned on.

which proves that this is not really happening in the wild, otherwise it'd be a much bigger deal. you'd be hearing about on the local news, not /.

Re:

[tompaulco]

I guess I haven't been presented one of these ads, because I don't use 2 GB in a year. But then if they presented an invisible ad to me I might be more likely to buy their product than if they presented a visible ad at me, because that would likely make me not want to do business with that company.

Not very shocking

[s.petry]

First, morality has been in the trash can for quite some time. Some is my own cynicism as I age, but I don't remember corruption being this open when I was younger. I don't see many people even try to hide it today.

Now the easy part. How hard is it to spoof data? I could write code in seconds which builds BS HTML strings and pumps them to wherever I want. I don't believe the advertisers are too shocked about this either, or they would have done something long ago to ensure better security.

Nope, not fraud at all, no sir

[OrangeTide]

Just like everything else in the world, it's always the victims fault for falling for a scam. It's not my fault they made it technically easy to break contractual agreements. And it is a contract, because advertisers are paying money for a service (in common law that would be called considerations, and it is the first hurdle in determining if a contract is valid, written or verbal).

what?

[s.petry]

No matter which way I read your post I disagree. I never stated that the victim is at fault, and don't agree with that position. The point I made was that if you keep the candy jar open and in a spot where it's difficult to monitor, you should not be surprised that people grab a piece without your knowledge.

In other words, we have known for as long as Web ads have been around that "click to pay" can be spoofed. Advertisers kind of forced things in that direction because it looked cheaper on the surface.

Re:

[OrangeTide]

If you have a contractual arrangement to be paid for clicks or views, and you rip off the other party. It doesn't particularly matter how easy or difficult it is to accomplish the breach of contract. If they catch you, they can make a case against you.

Of course if you base your business around bad technology that is easy to trick, I totally agree you shouldn't be surprised if there is rampant abuse.

Senior SW Engineer/Architect - IANAL

Re:

[s.petry]

You are either implying that I approve of illegal behavior through sarcasm, or that you approving the illegal behavior. If the latter, I disagree. If the former, see the latter.

Morality is not the same thing as ease of access.

Re:

[OrangeTide]

Yes, it's clear that you disagree with something. Not that you've been able to respond to any statements without more than a vague disagreement. If you don't want to answer the arguments, then I guess you don't have to respond. But please don't try to setup a strawman for me to attack, because I won't go for it.

Re:

[s.petry]

What specific are you missing? Morally theft is wrong. Stealing something can be difficult or complex. The easier it is to steal something, the more likely it is to occur. That has been my assertion since the first post and every subsequent post.

I never stated that the victim is at fault, and don't agree with that position.

That comment was in regards to your assertion (sarcastically) that the victim is to blame for the crime.

You seem to have great difficulty in reading and comprehending English. What straw man has been set up or could be set up? You continue to conflate morality

Re:

[OrangeTide]

You continue to conflate morality with the ease of an access to a crime. "Morality is not the same thing as ease of access."

I never have. Nor have I mentioned morality as an issue here.

You have repeated ignored my opinion and substituted your belief of what my opinion actually is.

I sympathize with your frustration. Best we part ways before you project further.

Re:

[david_thornley]

Advertisers know about click fraud, just like retail stores know about shoplifting and employee theft. They build it into their rates and prices: if that candy bar cost the store 10% more because about one in eleven is stolen somehow, the store sets the price to account for that. It would be possible to build in a lot of protections against shoplifting and employee theft, but they may not be worth what they cost. It isn't a matter of looking cheaper on the surface, it's a matter of expected cost. Acco

Re:

[s.petry]

I agree. My original point was that the situation should not be shocking to anyone. This is especially true of alleged "Nerds" who should know how these things work.

Re:Keep it up boys

[tompaulco]

Keep it up, keep ripping off advertisers, drive the value of advertising on our phones down to zero. Eventually nobody will be making money and we can relive the golden age of computers on our smartphones, an age dominated by passionate hobbyists and shareware authors.

I keep thinking that we are going to see Google collapse in on itself when people realize that every dollar spent on internet ads leads to less than a dollar worth of increased sales. But Google is smart enough to not be dependent upon ad revenue, but acts as "the house" where they play odds on both the ad buyers and the ad sellers and make sure the house always gets its percentage. In order for Google to go under, a large number of online businesses would have to realize that online advertising is worthless, and lucky for Google a sucker is born every minute.

Re:

[Ed Tice]

Advertising isn't worthless. Online advertising isn't worthless. Poorly targeted advertising probably has negative value. Advertising is especially valuable for things that I didn't know existed. If I'm traveling somewhere new and there's a sign for Canoe rentals, I just might decide to spend a day touring the local waterways. The first iPhone needed a lot of advertising support since it was a brand new product category. I'm waiting to see an advertisement for the latest generation of robot vacuums as

Re:

[farble1670]

I keep thinking that we are going to see Google collapse in on itself when people realize that every dollar spent on internet ads leads to less than a dollar worth of increased sales.

except that's not true. it's all tracked. do you really think that despite seeing that ads don't result in clickthroughs, businesses still are happy to toss their $ in the garbage?

Re: Keep it up boys

[Bing Tsher E]

You make that sound like a bad thing. You know, I hope, that you're posting on Slashdot??

3rd party lib or app itself ?

[perpenso]

I wonder if a 3rd party lib is responsible for any of this, quietly committing the fraud without the app developer's knowledge? Unless those 5,000+ apps are coming from a relatively small number of developers.

Re:

[thsths]

That is a very good question. And I wonder whether 3rd party libs do anything else illegal - such as spying on the user, stealing passwords etc...

Re:

[RyoShin]

Considering how many things are straight-up clones, especially in the Android market, I wouldn't be surprised if it was a handful of companies that pump out cheap (to develop), crap, copy+paste games and put this kind of stuff in them.

Re:

[austinpoet]

Slowing down users phones is qualitative.

Developers can clearly make apps that only update/work via WiFi and not over 3/4G so, if I were a nice ad revenue generating programmer, I'd take a hit on the total gain to limit this impact. Users can track how much data an app uses...

My Cell Data Usage "Current Period 12.4 GB"

[BoRegardless]

I have eliminated Safari and other data intensive app connections to cellular (WIFI only now) and I'm still getting atrocious data use.

This is called FRAUD.

Re:

[CanadianMacFan]

Do you use the Podcast app? It's terrible for using cell data. If you go under Settings -> Cellular you can see which apps are using up your data.

Re:

[BoRegardless]

No Podcasts. I've seen and turned off all but a few essential items. Looks like Fraud to me.

Re:

[itamihn]

In android you can view the data usage per app. Is there something similar in iPhone? It easily pinpoints which is the app(s) that is use more data than they should.

Re:

[Spy Handler]

Yes. Go to Settings -> Celullar and it will list all your apps and how much cellular bandwidth each app has used.

You can also enable/disable cellular access for each app.

Re:

[BoRegardless]

My apps don't add up to 12.4 GB. As I said, this looks like fraud.

Re:

[AvitarX]

Do they add up to close? the cellular network could include protocol overhead.

Hosts on the Android

[TheDarkMaster]

The first thing I do after a system update or rooting is changing the host file to block all know ads servers.

Re:

[Anonymous Coward]

Just say APKs name three times and you will find out.

Re:

[Magnum7385]

Might want to take a look at http://pgl.yoyo.org/as/ [yoyo.org] .. quite handy.

Re:

[Coren22]

APK is that you?

Re:Hosts on the Android

[TheDarkMaster]

Nope. Using this hosts file: http://forum.xda-developers.com/showthread.php?t=1916098 [xda-developers.com]

Re:Hosts on the Android

[drooling-dog]

I've had a very good experience with this one [mvps.org]. I'm accustomed to it now, so using someone else's computer without it (or similar) feels like swimming in a shark-infested pool with turds floating in front of my face.

ad bombs

[Anonymous Coward]

This smacks of the ad bombs I've been dealing with on a particular streaming site. The site tries to display an ad, which adblock promptly blocks. The site sees this and decides to send ALL of the ads, in what I'm calling an ad bomb.

Here's how it works. I go to the site and start a video stream. Adblock reports 4 blocked ads. The stream plays fine for awhile until whatever script is running decides its time for an ad.

Then the fun begins.

Watching the ad block counter in realtime in about 45 seconds or le

Advertising is for luddites.

[Anonymous Coward]

Modern advertisers use apps. Oh wait.

Also consumes device space...

[zarmanto]

I'm pretty sure I had one of these offending apps, at one time -- though, in my case it may have been a legitimate error on the part of the developer, rather then malicious: It was an alarm clock app for iOS, which displayed a banner ad when you had it in portrait mode but not when you had it in landscape mode. Funny thing is, I learned in the course of time that it was still downloading those ads regardless of orientation, because there's an odd quirk in the way some (or all?) iOS apps download ads; they retain the ad on the device for some indeterminate period of time. Since I just left the iPad charging and sitting on that alarm clock app whenever I wasn't actively using the iPad, this caused that one app to bloat to ridiculous proportions over time, eventually filling up multiple gigabytes of space -- that is to say, all of the remaining space on the iPad.

(Naturally, I eventually ditched that app and sought out one which was entirely ad-free.)

Good scams...

[Feral Nerd]

The sheer amount of activity generated by apps with fake ads was what initially exposed the scam.

It is positively amazing how many criminals manage to wreck a good scam by getting greedy.

Re:

[JustAnotherOldGuy]

^^^ THIS.

I too am frequently amused at how often these guys trip themselves up through sheer greed.

If they had just been willing to throttle it down a bit they'd be safely reaping their profits as we speak with no one the wiser, but now the hunt is on.

Re:

[0123456]

I doubt it's anything to do with this. I suspect it's because they can't measure the effectiveness of TV, print and radio ads. The advertisers tell them their print, TV and radio ads are incredibly effective, then, when they put ads on the Internet where they can directly measure the effectiveness, they discover... they don't actually work.

Whats the point if they don't name the apps?

[krelvin]

Story is interesting but without naming the apps... whats the point. I use an ad block on my rooted device, but many are not rooted and can't.

Sounds good to me

[penguinoid]

Most websites appear to contain invisible ads. Of course, I use adblock.

This isn't really surprising ..

[janoc]

Considering that even an app like HTC's "Kids Zone" (a vendor preinstalled, unremovable app with activities for kids to keep them occupied) requires permissions like: "In-app purchases", "Phone calls", "Contacts", "Calendar", etc - aka everything that could run up an enormous bill or exfiltrate your monetizable personal information while your offspring are playing - it doesn't surprise me at all that someone tries to scam the advertising douchebags too ...

Today's smartphone is a device for siphoning persona

Change who pays

[Moof123]

Similar to how you don't pay to receive a call on your land line, the laws around cell billing need to be changed so that advertisers must pay for their bandwidth usage rather than the user. If I don't ask for it, I should not have to pay for it (radical concept...).

Wasting cell data is not a bother to your provider, rather it just lines their pockets. More transparency on the real cost of data might show how big their incentives to let this crap go on are.

Re:

[david_thornley]

I'm trying to figure how that could work. If somebody has to pay for data (possibly data over a cap; my family has a 10 GB monthly cap), how do the cell providers bill the advertiser? How do they tell the difference between bandwidth for data you explicitly ask for, bandwidth for data an app actually needs, and bandwidth for data the app or website is doing against your wishes and without your knowledge? Is there a way for the advertiser to tell if the last hop is cell data or not? If the advertiser do

Money

[fulldecent]

As someone who has spent money on the Google Display Network and normal search advertising, I can confirm that 100% of ads on mobile and third party sites use click trick / scams to collect CPC revenue with none of the clicks being intentional by potential customers.

Re: Money

[Bing Tsher E]

The ad for the big breasted woman for some awful iPhone 'game of war' just won't go away. Lately it's been appearing in two or three of the four boxes of the matrix. It's getting to feel like pretty soon there will be articles here on Slashdot about the Kardashians.

True Unsung Heroes

[cloud.pt]

How come this has been written like there's someone stealing from somebody else? I'll try and be crystal clear about something advertisers and their supporters fail to grasp every single time it matters: ADS STEAL PEOPLE'S VALUABLE TIME IN EXCHANGE FOR THINGS THAT SHOULD BE TAKEN FOR GRANTED, but ultimately aren't because of your models. Nobody that is an honest-to-goodness COMMON USER reads ad-based use policies, and most of them would rather NOT have ads, but abides to them anyway, because well, it's eith

I wonder...

[xenotransplant]

I wonder if my pc has a few programs like this. It seems whenever I turn on my pc at home, just having it on and idle, slows my network to a crawl. It forces my roku to stop streaming. I have a 25mbps connection. Anyone reccomend a good ip sniffer to see who or what is cramping up my pipes?

Win-Win

[Plumpaquatsch]

That way you don't get to see those flashy ads, but the ad business still finances the app.

Impossible!

[maestroX]

You cannot find over 5,000 apps displaying unseen ads!

Say what???

[mark-t]

Forensiq, an online technology firm fighting fraud for advertisers, found over 5,000 apps displayed unseen ads...

If the ads were unseen, how do they know they were displayed in the first place?

Re:

[PlusFiveTroll]

Because you can monitor traffic coming to the phone.

Re:

[mark-t]

So all that proves is that traffic was sent to imitate an ad view, not that the ads were actually displayed anywhere.

Someone got greedy

[mi]

The sheer amount of activity generated by apps with fake ads was what initially exposed the scam.

This is why the "honest" scammers can't have nice things.

Someone got greedy — a deadly sin.

Fraudulent adverts ..

[nickweller]

"Forensiq .. found over 5,000 apps displayed unseen ads on both Apple and Android devices."

What are the names of these apps and how do they get onto the downloaded devices?

Goodness gracious...

[JustAnotherOldGuy]

...I feel terrible about having an ancient Nokia that can't download data-sucking apps that paw through my personal data in order to exploit me.

Oh, wait...

et

[hcs_$reboot]

the intended audience couldn't possibly be actual humans

Yet another proof of extra terrestrial life