Fighting Monkey Business with “Monkey” Business

By   ISBuzz Team
Writer , Information Security Buzz | Apr 01, 2014 01:54 am PST

Researchers at Microsoft and the University of Southern California have developed a new technology that can actively detect mobile app fraud. 

The focus of the researchers’ technology is placement fraud, a type of click fraud that violates the rules of ad control designed by ad networks.  Placement fraud is generally divided into two types:  structural fraud, where ads are manipulated in such a way that they are hidden, placed off-screen, or made too small; and contextual fraud, where ads are placed on pages containing adult content, which may diminish the brand image of the advertisers.

Placement fraud, and click fraud more generally, are harmful to both users and marketers.  Users want to be in control of what ads they decide to view.  But as a result of placement fraud, nearly half of all users who view ads on their mobile phones do so accidentally.

At the same time, while the quantity of clicks matters for marketers, so does the quality.  When it comes to internet keyword marketing tools like Google AdWords, poor quick quality requires that marketers lower their bids and, perhaps eventually, remove themselves from the market completely.

Placement fraud harms everyone but the cheaters.  So Microsoft is fighting back.

Researchers Bin Liu, Suman Nath, Ramesh Govindan, and Jie Liu have designed what they refer to as a “digital monkey” to systematically review apps in an app store.  By interacting with apps via clicking buttons and entering text in text boxes, this new technology seeks to identify any apps violating an app store’s terms of service.

Initial success of the technology is promising.  When allowed to survey 50,000 Windows Phone and 1,200 Windows 8 tablet apps, the monkey identified 1,000 and 50 apps, respectively, that violated the terms of use for Windows apps.  The problems ranged from game apps displaying vertical ad bars that contained pieces of the game itself, conveying a false sense of the app being free of ads, to other apps that were formatted to too small of a size.

You can read more about Microsoft’s research here.

Clearly, the digital monkey is a great step forward in mobile security.  It promises app networks and app stores a tool which they can use to remove those who violate their terms of use.  As a result, marketers will receive better quality clicks, and users will be able to have greater control over what mobile apps they wish to access.

The next step might consist of trying to figure out whether the instances of placement fraud were intentional or not.  This could mean the difference between removing a developer’s app from an app store to arresting a group of individuals for intentionally seeking to make a marketer lose money.  Intentionality has always been difficult to prove in cyberspace, so this might take some time.  But at least marketers and users could be better protected in the near future.

David Bisson | @DMBisson

dave bissonBio: David is currently a senior at Bard College, where he is studying Political Studies and writing his senior thesis on cyberwar and cross-domain escalation.  He also works at the Hannah Arendt Center for Politics and Humanities at Bard College as an Outreach intern.  Post-graduation, David would like to leverage his extensive journalism experience as well as his interest in computer coding and social media to pursue a career in cyber security, both its practice and policy