Technology experts estimate that by 2020 there will be more than 6.1 billion smartphone users worldwide.1 Much of the smartphone market expansion has been tied to the popularity and simultaneous growth of the smartphone application market. Estimates report that Apple offers about 1.5 million total apps in its app store, while Google offers between 1.6 and 1.8 million in the Google Play store.2,3
Consumers and developers haven’t been the only ones to benefit from the explosive rise in mobile app popularity, though. Hackers can create sophisticated mobile apps that drain data and steal information from users.
What is app fraud?
App fraud primarily works in two ways:
- Simulated ad interactions
- Intentionally misleading buttons or layouts
In the simulated ad interactions, bots trigger ad activity that costs advertisers — in fact, more than 18% of total ad interactions is from bots. With the misleading buttons or layouts, developers create layouts that overlap ads with content so users will unintentionally click the ads. Users usually have no intention of clicking some of these ads but do so because the ads are so small that they tap them by mistake. This mistaken clicking accounts for 47% of clicked ads in apps.4 Additionally, apps can contain more ads than they are allowed by their operating system to serve, or display ads outside of the screen view of an application.
When targeting advertisers, criminals develop apps that continue to run even when they’re not in use, simulating human activity even though no user is actually controlling the app. In many cases, these programs make phony clicks and pretend to read ads, which costs advertisers money. For consumers, these apps drain data and battery life, but the apps’ primary financial targets are advertisers. These fraudulent apps reportedly cost advertisers $1 billion per year.5
Smartphone technology providers like Google and Apple have safety features integrated into their operating systems to guard against behaviors that put users at risk. Google, for instance, forces Android apps to run in an isolated code environment, or “sandbox,” which prevents an app from accessing sensitive information like texts, account numbers and emails.6 Similarly, Apple provides its users with Apple Keychain, which allows users to use a single password to manage their app logins and passwords, making it easier to create safer login/password combinations. They also regulate their application developer program to ensure that every application submitted can be traced to a person, business or organization.7
Download only reviewed apps
To avoid fraudulent apps, download from only the Apple App Store or the Google Play Store, if you use an Apple or Android device, respectively. App users should also evaluate an application carefully before downloading and read previous users’ reviews to verify its authenticity and reliability. If other users have reported suspicious behavior, be wary about downloading.
The frequency of app fraud has increased in recent years. While most of this fraud is now directed at advertisers, users should exercise caution when downloading new apps.