Fall 2018
INSIGHTS
     SDK EXPLAINED
NEWS | REVIEWS | IDEAS | OPINION |
  MOBILE MARKETING »
app usage is at an all-time high, but marketers should beware: mobile’s rapid growth as the primary digital advertising
platform has made it a hotbed for fraud.
The mobile app ecosystem is currently
 SDK spoofing is now harder to spot than fake installs generated in emulation or install farms, as the devices that fraudsters use in this scheme are real and, therefore, normally active and spread out. Fraudsters are starting to collect
real device data by using their own apps or by leveraging an app they have control over. The intent of their data collection is malicious, but that doesn’t mean that the app being exploited for data is purely malicious. The perpetrator’s app might have a very real purpose or it might be someone else’s legitimate app, and the perpetrators simply have access to it by means of having their SDK integrated within it. This could be any type of SDK—from monetization SDKs to any closed-source SDK—where the information being collected isn’t transparent. Regardless of the specific circumstances, the fraudsters have access to an app that’s being used by a large number of users, and this is what makes this type of fraud so dangerous
to advertisers.
Mobile
Marketers,
in the grips of powerful ad-fraud schemes— costing mobile-marketing advertisers
an estimated $800 million per quarter, according to a recent AppsFlyer study. In recent years, fraudsters have been heisting unearned dollars through a technique known as SDK spoofing, burying malicious code inside apps. This malware then simulates ad clicks and user engagement, falsely leading marketers to believe that their own app has successfully acquired a new user as a result of their paid marketing efforts.
According to the AppsFlyer report, approximately 33 percent of marketers estimate that more than half their mobile ad budgets are exposed to in-app and mobile web fraud. This is costing brands a fortune! Although the inherent secrecy of these ploys and the fraudsters’ sophisticated, highly adaptive techniques make it difficult to precisely quantify the scale of fraud and identify the responsible parties, it is evident that there is a significant increase in the rate of fraud and level of financial exposure.
In a recent Mobile Marketer article, Paul Müller, Cofounder and Chief Technology Officer at mobile-measurement firm Adjust, explains the situation:
BEWARE!
SDK Spoofing Leapfrogs to the Front of Mobile Ad Fraud
 Müller went on to report that mobile- advertising fraud has nearly doubled since 2017. On measurements of more than 3.43 billion app installs and 350+ billion events of Q1 2018, the company reported that SDK spoofing was responsible for 37 percent
of all app installs. Adjust also reported
that app categories facing the most SDK spoofing fraud include games (29 percent), eCommerce (27 percent), and food and drink apps (17 percent). n
                                                      WHAT IS SDK?
In mobile advertising, an SDK is a piece of code mobile app developers add to their app to collect measurement and app- install attribution data.
WHAT IS SDK SPOOFING?
SDK spoofing is a type of bot- based fraud often executed by malware hidden on another app. In SDK spoofing, fraudsters add code to one app (the attacker) that then sends simulated ad click, install, and engagement signals to an attribution provider on behalf of another app (the victim). When successful, these bots can trick an advertiser into paying for tens or even hundreds of thousands of installs that did not actually occur.
HOW DO THEY FIND THEIR WAY TO OUR DEVICES?
Apps loaded with malware that pose as legitimate apps are innocently downloaded from places such as Google Play and the App Store. They may be children’s games, utility apps, or fake or real shopping apps. Fraudsters also exploit bootlegged apps on pirate sites.
WHAT HAPPENS?
Fraudsters collect real device data by using their own apps or leveraging any app they can gain control over; this can happen via popular apps that are not at all dangerous (for example, a battery saver or flashlight tool). Some serve pop-ups, load and reload thousands of impressions,
or watch multiple videos in the background without the user’s knowledge. Others may serve as a Trojan horse for ransomware.