The recent scourge of shady app install ads that have been automatically redirecting users to the App Store brought into focus how difficult it is to monitor and manage today’s mobile ad ecosystem. Fingers were pointed everywhere – including at the app publishers, marketers and the ad networks, some of which tend to utilize shady tactics. Now, a company called The Media Trust is offering a solution to the problem.
For background, in recent months, many users who were just trying to read an article on their phone or use a mobile application like Imgur, for example, were being pushed to the App Store to install games like Candy Crush, Clash of Clans, Game of War, and others, even though they had never tapped on an ad. What initially appeared to be just a bug later turned out to be a much larger problem, given the scale of the issue and the number of reports.
Though this kind of “malvertising” (malicious advertising) happens all the time, for many users, the App Store redirects were their first experience with malicious activity within native mobile applications.
What was happening, explains Chris Olson, The Media Trust founder and CEO, is not as simple as saying it’s this or that ad network that’s to blame. Rather, individuals committing the actual fraud are the ones exploiting the ad networks, the demand-side platforms (DSPs), and the ad exchanges, many of whom are Media Trust clients.
While some DSPs or networks take their own internal security more seriously than others, Olson hesitates to call out those which have been found to be involved in the delivery of these malicious ads because, sometimes, they’re potential clients, and other times, it can be difficult to tell whether the malicious ad was just a bug or mistake.
As for the real fraudsters, they’re quite savvy – they tend to change their name and rotate domains to avoid detection, Olson explains. They hop around the DSPs, too.
“Mobile is a wild west scenario today,” says Olson. “It’s like the PC display market ten years ago – very fragmented, with a very large number of new players, lots of people who don’t know each other yet…the security systems are just being built,” he says. Those committing fraud are just learning the ecosystem, too, he adds, noting “the arms race is really just beginning.”
Mobile malware and exploits are now rising faster than on the PC side, and things like malicious app store redirections are only one of the exploits The Media Trust is currently seeing. The company, which can also monitor for any malicious third-party content, including things like widgets or recommendations engines, has noticed mobile redirects that take users to phishing sites, porn sites, and other sites where some sort of malicious activity is taking place.
Olson’s company has been fighting this kind of content for years, previously more so on PCs. Founded in 2005, today the company has a physical presence in 65 countries and 500 cities worldwide, providing a variety of tools and technologies to protect against security threats, malware, privacy violations, site performance issues, data leakage, and more. It’s the last line of defense for companies who know that, no matter how good their security is, the bad guys will still get in.
The Media Trust has typically flown under the radar due to the nature of its business, while counting among its 500-some clients the big five internet portals, e-commerce companies, social networks, DSPs, exchanges, ad networks, server-side platforms, and broadcast networks.
It has been offering mobile redirect detection to its clients for some time, as well, but given the recent buzz surrounding the problem and its escalating scale, The Media Trust is now making an effort to raise awareness about its service, which it never before actively marketed.
“We see this many, many times across our ecosystem today…it’s happening all the time,” says Olson of the mobile app store redirections. To be clear, the company isn’t tracking every ad impression, but is rather sampling the code.
For mainstream consumers, mobile has sometimes been thought of as a safer place than the desktop web. There were no pop-up ads, automatic downloads, malicious browser plugins, spyware, or adware, and there were fewer overall incidents of viruses and malware. Native apps seemed especially immune, given how they ran as isolated, standalone software programs on users’ smartphones and tablets.
That may no longer be the case.
As more of users’ everyday “web surfing” and internet activity turns to mobile, the fraudsters, hackers, and exploiters who have always made their money in underground and illegal ways will turn to mobile, too. And they’re smart about targeting areas where the platform makers, like Apple and Google, would have trouble fighting back. Switching off the capability to allow mobile app redirections would be a serious business decision for Apple or Google, for example, affecting content delivery, advertising and even the functionality of mobile apps themselves.
This problem may get worse as more companies begin to link their apps together through “deep linking” technologies. This makes native apps act even more like the web, where you can be pushed from a mobile ad to another app with just a tap.
The automatic mobile redirects may be a signal of more malicious activity yet to come.
“The mobile redirection issue is starting to have a real impact on the mobile web,” says Olson. “The bad guys are going to follow the money.”