Thousands of iOS, Android Apps Secretly Run Ads, Slow Down Devices

Over the course of the 10-day study, one percent of all devices observed in theU.S. ran at least one app committing this kind of fraud; in Europe and Asia, two to three percent of devices encountered fake ads. “Forensiq identified over 5,000 apps that display unseen ads on both Apple and Android devices”.

Forensiq discovered that some apps were calling ads at such a high frequency that the intended audience couldn’t possibly be real humans.

It turns out that for every ad visible to users the fraudulent apps would run in the background five more; sometimes, closing the app had no effect, as apps continued to scroll through ads. The company’s study details the nature and scope of ad fraud in mobile, including a new type of mobile in-app fraud called “mobile device hijacking”. “These are some good apps for consumers”, says Andrews, “in the sense that people like to play games or monitor their battery or practice making sushi”.

Even though the names of the apps were not released in the Forensiq report, the behavior of the apps was detailed, so users might be able to recognize the “symptoms” on their own devices. But, one culprit was told to Bloomberg, a breastfeeding app for Apple devices published by American Baby magazine by app developer Sevenlogics; the invisible ads tout Olive Garden, Amazon, and IBM. The newest version of the apphas an average rating of 4 stars. “Unfortunately it’s too late for me to switch apps because all my info is wrapped up in this one”.

For example, “Why does a game need to run as soon as a device boots up?” Forensiqs video shows these also running code that producesa steady stream of unseen advertisements from companies like Microsoft, Coca-Cola, and Mercedes Benz. Any performance issues expressed by users are nearly certainly caused by the extra load resulting from the apps’ secondary functions, said Forensiq. It can be hard for advertisers to know their ads are running on malware because the apps also spoof user behaviour and send back legit-looking data. While they do screen apps to ensure it adheres to the guidelines, they’d basically have to keep monitoring its bandwidth usage over time to determine if the app might have incorporated invisible apps, something that isn’t very efficient/feasible.

Google’s Android and Apple iOS are most at-risk, with estimated losses of $480 million and $363 million, respectively.

The main limiting factor for this particular flavor of ad fraud may be economic. This isn’t your normal annoying pop-up ad rate on a browser.

For advertisers, the impact of mobile device hijacking is even more severe. “It’s not Candy Crush”, says Mike Andrews, chief scientist for Forensiq. Reading the reviews for apps before downloading can also point to potentially troublesome apps, Andrews said. Now these ads aren’t so much for your viewing pleasure, but as a means to trick advertisers into paying for them. If eventhevictims of a crime are unaware its going on, theresprobablyless of a chance of anyonegetting caught.