
Luke Anderson, Director of Technology, Media and Communications at KPMG Australia, looks into the worrying rise of the “zombie mobile”: phones infected with botnet apps draining our batteries and data plans to deliver unwanted, and often fraudulent, advertising. What can consumers, and legitimate advertisers, do to combat them?

Zombies are infecting our mobile devices, depleting our data and battery resources and costing advertisers over $1B per annum.

It’s nothing new to hear of botnets attacking our desktops and consuming our precious resources of bandwidth and power. In last year’s Mercedes-Benz online campaign, the advertisements were viewed more by automated computer programmes (57 percent of views) than by humans. A recent Forensiq study showed these botnets are also attacking our iOS and Android devices through code embedded within legitimate-looking applications, which run in the background, delivering hundreds of ads at a rate as high as 20 per minute (~20 times higher than a normal app).

So how are they doing this?

The digital advertising landscape has advanced significantly over the last 10 years from the days of advertising banners inserted at the top of a website page to automated real time trading within Ad Exchanges (e.g. Google AdX, Facebook FBX).

Ever wondered why you are seeing ads about a product you have recently searched for?

Well, facilitated by the publishers’ Supply Side Platforms (SSPs) and the agency/advertisers’ Demand Side Platforms (DSPs), advertisers who purchase a publisher’s database can now have a ‘relevant’ ad appear automatically. As with any advancing technology, this has opened the door to ‘opportunists’ or ‘fraudsters’. By automating human behaviours, developers of these botnets can now mimic user actions so it appears the ad has been viewed by the website user. In reality, this could be a zombie.

Consumers on mobile devices are feeling the pain, with research suggesting that zombies are using as much as 2GB of your data per day (which is my entire month’s allowance!) and exhausting the phone’s battery life.

Some may ask how these apps have passed the rigorous development tests performed by both Apple and Google, especially considering the extent of the problem. One possible reason is that technology and development techniques have evolved to enable the developer to mask the botnet or keep it in ‘hibernation’ until the application is in-market, therefore passing the pilot/test phase. In addition, spoofing techniques called Cryptobots, which make the request for an ad appear to originate from a human rather than a computer programme, are adding to the problem.

What’s more significant is that the advertiser is paying for these fraudulent ads because of the challenge of telling a real ad request from a zombie one. Of the 12 million devices studied over a 10 day period, about 1 percent of all data in the US was infected, with 2 – 3 percent infected in the EMEA and APAC region. Overall, when viewed as a percentage of applications, this represented approximately 15 percent of all apps either compromised or at risk of ad fraud, with high profile brands such as Coke, Mercedes-Benz and Microsoft all impacted by this trend.

What does this mean in terms of market size?

The global advertising market is likely to exceed $68B in 2015 ($100B+ in 2016), with research suggesting more than $857M is at risk of ad fraud (~1.3 percent). Both are expected to increase year on year, with over $1B of revenue in 2016 attributed to mobile ad fraud.

So what can the advertiser do?

One of the business models for placing advertisements on websites is calculated based on volume (CPM – Cost per Mille/Thousand). So the fraudulent app developer wants to create as many ad requests as possible to generate more revenue. This behaviour will stand out from typical human behaviour because of the number of transactions, their frequency and the longevity of the session, as a human user is unlikely to be constantly in the app for 24 hours.

Advertisers should:

  • Invest in real time analytics and pattern matching techniques (or Ad Exchanges) to identify, define, assess and block fraudulent transactions.
  • Continue to update and verify their blacklists.
  • Optimise their ad strategy during waking hours, as zombies tend to peak when the users are sleeping.
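
As an added illustration (not code from the article or from any ad exchange), the pattern matching described above can be sketched in Python: it flags device/app pairs whose ad requests show the three traits the article names, namely request rate, session longevity and a night-time peak. The thresholds, event format, device names and sample log are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions, not values from the article or any ad exchange.
MAX_ADS_PER_MIN = 5         # the article cites ~20 ads/min for infected apps
MAX_ACTIVE_HOURS = 16       # distinct hours per day containing ad requests
NIGHT_HOURS = range(0, 6)   # device-local hours when the user is likely asleep
MAX_NIGHT_SHARE = 0.5       # share of requests tolerated inside NIGHT_HOURS
MIN_EVENTS_FOR_SHARE = 50   # avoid flagging a single late-night human session

def flag_zombies(events):
    """events: (device_id, app_id, local datetime) per ad request.
    Returns {(device_id, app_id): [reasons]} for pairs that look automated."""
    by_pair = defaultdict(list)
    for device, app, ts in events:
        by_pair[(device, app)].append(ts)
    flagged = {}
    for pair, stamps in by_pair.items():
        per_minute, hours_by_day = defaultdict(int), defaultdict(set)
        for ts in stamps:
            per_minute[ts.replace(second=0, microsecond=0)] += 1
            hours_by_day[ts.date()].add(ts.hour)
        night_share = sum(ts.hour in NIGHT_HOURS for ts in stamps) / len(stamps)
        reasons = []
        if max(per_minute.values()) > MAX_ADS_PER_MIN:
            reasons.append("rate")
        if max(len(h) for h in hours_by_day.values()) > MAX_ACTIVE_HOURS:
            reasons.append("longevity")
        if len(stamps) >= MIN_EVENTS_FOR_SHARE and night_share > MAX_NIGHT_SHARE:
            reasons.append("night-peak")
        if reasons:
            flagged[pair] = reasons
    return flagged

def sample_events():
    """Constructed log: one human-like device and one zombie-like device."""
    day, out = datetime(2015, 8, 1), []
    def burst(dev, app, hour, minutes, per_min):
        for m in range(minutes):
            for i in range(per_min):
                out.append((dev, app, day + timedelta(hours=hour, minutes=m, seconds=i * 3)))
    for hour in (8, 19):      # human: two 10-minute sessions at 3 ads/min
        burst("dev-human", "app.news", hour, 10, 3)
    for hour in range(24):    # zombie: active every hour, heaviest at night
        night = hour in NIGHT_HOURS
        burst("dev-zombie", "app.torch", hour, 10 if night else 1, 20 if night else 2)
    return out

if __name__ == "__main__":
    for pair, reasons in flag_zombies(sample_events()).items():
        print(pair, reasons)
```

Flagged pairs would feed the blacklist review mentioned in the list above; in practice the thresholds need tuning against known-good traffic before anything is blocked.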

How can the user combat this?

Luke Anderson

Director, Technology, Media & Communications

KPMG Australia


Question the validity of the requests the application is making, e.g. why does this app need to have internet access… does it really need my location?

But ultimately, carry out a regular clean-up of your devices to remove applications not currently used. In my case, take a look at my iPad after my kids have been using it for a couple of hours, as there are always new applications appearing.

This is, of course, followed by the… “but it was free, Dad”… was it really? Free to who?