Will Criminals Bring a $21 Billion Business Down?

By Greg Boyle, Trend Micro, senior global product marketing manager

By 2016 mobile advertising will comprise 11 percent of total media ad spending in the United States. This will equate to nearly $21 billion in spending by marketers. But, there is cause for concern. In a recent report from Trend Micro, our research team discovered a significant drawback— in-app advertising that promotes malicious websites designed to steal user information and funds. The infiltration of malicious and fraudulent content threatens to undermine the trust and predictability that underpins the critical mobile ecosystem that is largely built on advertising.

The growth in mobile device usage and higher response rates from more affluent users provide a solid platform for marketers to reach their high-value target audience at a time when they are most receptive to advertising. Advertising is now the most popular revenue generating technique for app developers and an entire downstream ecosystem of networks, mediators, analytics services, designers, buyers and sellers has evolved to profit from the mobile advertising industry.

According to a recent Yankee group study, 67 percent of smartphone users are willing to view ads to gain in-app premium content rather than paying for it. Essentially, this means that more users will click on ads to gain their in-app content and goods. Another phenomenon of the mobile ecosystem is the limited screen real estate available. This restriction has meant that the normal display consumers have become accustomed to in a web browser has been removed. Users no longer see the URL or the security padlock, and they expect less text with more pictures and large buttons –a perfect mix for criminals looking to deceive users—because all the tell-tale signs of a fake or malicious website are obscured. The focus is now entirely on immediate action and gratification.

The advertisements used in the scam were provided to users that subscribe to a large, global advertising network claiming to serve ads to more than 90,000 apps. This makes the distribution reach of the criminals potentially very lucrative. The report goes on to explain that the ads promised users extremely inexpensive iPhones and Samsung devices. Once the ad is clicked, the websites open and offers many purchase options for these cheap devices, none of which are real and merely serve to collect information and steal money from the users.

While the current discovery only appears to be targeted at Chinese users, the proliferation of free apps, ad networks and devices means that what might have been a small-scale test in China could become a large scale global campaign with only a change of a web page, an increase in advertising bid and a change of target profile.

The mobile advertising ecosystem works because of trust. Developers trust the advertising networks to display relevant, high-yield content. Advertising networks trust advertisers to supply ad content that triggers good response rates. Users trust developers, advertisers and OS vendors to ensure the advertising they see is not only non-obtrusive, but legitimate and free from malicious intent. When that trust is broken users will stop clicking on ads, developers will stop earning money and, therefore, stop developing. Thus, the inventory for advertisers will decrease, which in-turn increases bid rates and reduces ROI, leading marketers to look elsewhere to advertise.

The mobile advertising industry needs to take notice and put measures in place to ensure that the content they serve is not only suitable, but is free from malware, fraud and risk. Integrating link verification into the advertising platform by working with security firms is one clear way the industry can begin to address this problem.

However, this doesn’t solve the problem of bad apps that may be posted on app stores. Adding improved vetting of the applications that advertisers promote is the next logical step. There are more than 21 billion reasons to make this a priority.