It's Not Just Websites, GSP fraud infiltrates app ecosystem

TIME and time again, the digital advertising industry is reminded that the lack of transparency and opacity in the supply chain wastes advertisers' money, could cause brands reputational harm, or result in ads funding illegal and questionable content.

The most recent ANA Programmatic Supply Chain study released last week claims there are $22 billion in efficiency gains to be made for client-side marketers if they address the issues of information asymmetry in the market.

One area in digital advertising where information asymmetry is rife is search, as the major platforms do not provide the ability to use independent pre-bid or on search result page controls. When search advertising counts for over 40 percent of digital advertising spend, this leaves search open to exploitation by bad actors. This risk gets amplified when search engines, like Google, have a broad network of "partner" sites with embedded search.

The recent report by Adalytics into Google Search Partners (GSP) highlighted the extreme end of the issue — sanctioned websites and questionable content displaying search ads. The sites identified in the Adalytics report were not obfuscated.

Google, a 3rd Party, or basic diligence would determine such sites should not be monetization eligible — sites with adult-themes in their website addresses don't require sophisticated AI to determine they are potentially risky. But these sites represent just the tip of the iceberg of the problems with search partners.

What our team uncovered is that the problems with "search partner" monetization extend into the app-store ecosystem. This accelerated with Google's adoption of Performance Max (PMax), which attempts to find the best place for your ad and, as I wrote previously, could be easily gamed. At the time, I asked the question, "what if it got worse" and the unfortunate reality, is that it has and is getting worse.

We discovered that search, GSP and Pmax, is getting worse because, in a world where detailed log-level data is absent or often redacted due to "privacy" concerns, conducting click-level analysis could shine light where there is darkness. This is because the performance nature of search, paying per click, means data does and would flow to marketers who have the systems in place. This could then be used to proactively stop fraud and protect marketing spend.

In our forensic data analysis, we're seeing (and blocking) not only questionable websites, but a litany of Google Play Store apps that are generating GSP and PMax search queries despite having no search functionality at all! This is not some website opportunistically adding Google search functionality to their website — this is direct and outright fraud and theft of advertising dollars.

For example, one of our major telecommunications clients, who provides mobile and broadband services to over 80 million customers, saw an influx of search clicks coming from apps that had no legitimate basis for being a traffic source and where search behavior is inconsistent with the behaviors one would expect of the apps' intended audience. The apps included child-directed content, games, and services operating on the very edges of legitimacy, such as incentivized cryptocurrency earning services.

One app we identified, a child-directed "virtual cartoon superstar," has users actively searching for terms such as home "wifi providers" and "fiber internet." Aside from the behavior being incongruent with the audience, there were other unusual patterns we observed. This includes that the search queries were always unbranded, meaning the app could maximize search and exploit search matches not only in our clients' home market, but it is also designed to generate telecommunications queries and false clicks in other parts of the world.

Another example that we discovered was an incentivized cryptocurrency earning app, attempting to drive significant click traffic from high-cost generic keywords like "WiFi deals" or "phone deals." This app is also a Google Search Partner, despite the app being absent search functionality.

Our forensic analysis identified the issue, but when the team investigated the app itself, there was even public data in the Google Play store review filled with user complaints such as "won't let me get past an ad," "Ads. Ads. Ads. More ads," and "I am frustrated by the ads in this app.

Why are there so many ads? There is even an ad when you open the app," that suggests this was not an outlier of a potentially infected and compromised Android phone, deliberate fraud.

The fact that public data also flagged users concerns about the app and ad experience highlights a separate issue — a lack of oversight and enforcement by Google of their own policies and ability to protect users and also advertisers budgets.

As our team of machine learning systems and data scientists investigated the search queries and click fraud, we also identified that across both apps above (and many others we identified), repetitive generic searches stem from a cluster of similar IP address ranges, indicating a high probability of coordinated invalid traffic and click fraud.

All of these were coming from apps that are "partners" in the GSP and PMax network — costing advertisers money. Exclusion lists and legacy 3rd Party Verification approaches such as keyword blocking would fail to protect advertisers from search click fraud, which is why new solutions and tools, like what we have developed, are required.

So what are marketers and agencies to do so they don't fall victim to such fraud and questionable inventory and end up being named and shamed in yet another industry report? With advertising automation, AI-decisioning, and increasing shift of advertising budgets to performance channels and where marketers hold advertising accountable for outcomes, marketers need to audit the actions, like clicks, that drive those results. Otherwise, marketers, agencies, and brands would continue to fall victim to the deceptive practices that run rampant within this complex landscape.

Mat Ratty is the chief executive and co-founder of TrafficGuard, a global advertising verification company providing a cloud-based digital ad fraud protection solution, which assists digital advertisers, agencies and advertisement networks with fraud prevention and mitigation.

‍

Read more 👉 here.