A woman using her cell phone outside of a train

Moving Beyond In-App Inventory Fraud with app-ads.txt

Professional headshot of Eric Bozinny
By Eric Bozinny, Senior Director, Marketplace Quality
February 14, 2019

After fighting ad fraud for 12 years, there is no limit to the methods and tactics I’ve observed bad actors employ to deceive legitimate ecosystem constituents. Exchanges, SSPs, DSPs, advertisers and fraud detection vendors have all been fooled on occasion. In-app inventory fraud is especially challenging, given the wide range of control an app may have over data flowing in and out.

While fraud detection is a helpful tool to identify pockets of sophisticated invalid traffic (SIVT) coming from an inventory source, it should never be relied upon exclusively to ensure high traffic quality. This is due to sampling issues, the probabilistic methodology used by many vendors and most simply, by the fact that fraud is detected and reported after the damage is done.

Moving Beyond Detection

For these reasons, I’ve always preferred using data signals and mitigation approaches that allow me to avoid inventory sources with high-risk profiles. It’s better to avoid fraud by avoiding the domains and apps that demonstrate the highest potential of supporting fraudulent activity.

Towards this end, digital properties using ads.txt for domains were able to eliminate spoofed inventory, one of the most harmful vectors of ad fraud to publishers (premium sites lost revenue to bad actors spoofing their domains). This also benefits buyers who, prior to ads.txt, thought they were buying premium inventory, only to find themselves consuming low-quality human traffic, bots or both.

Successful adoption by the industry to incorporate ads.txt took over a year, given that the new concept wasn’t widely understood by buyers and sellers alike. Now, it’s widely adopted (to illustrate, less than 1 percent of PubMatic inventory is unauthorized), with 41 percent of the Alexa 5000 using an ads.txt.

The Implications for In-App Inventory

Spoofing is now a huge issue with mobile in-app ad inventory but with the difference being that unlike in the desktop/domain space, there is no technical way to determine the true source of the traffic being spoofed. Therefore, the upcoming launch of app-ads.txt is an eagerly anticipated way to ensure the inventory is what it claims.

While the app-ads.txt protocols are in the final stretch before being finalized, here are my tips on how the industry can best leverage the new app-ads.txt initiative: tips for buyers and developers.


  1. Only buy premium app inventory that utilizes app-ads.txt. The high profile, widely used apps are the ones typically spoofed as buyers implicitly trust inventory from quality sources. Only by requiring premium apps to incorporate app-ads.txt (and that it is managed correctly – see my developer’s tip) can you trust that the inventory is from a legitimate source.
  2. App-ads.txt is only as good as the app using it. While the biggest beneficiaries of app-ads.txt will be the most premium apps, bad acting app developers will happily (and rather quickly) include an ads.txt file for their apps. These fraudsters will continue to pump spoofed, bot traffic through their apps. Only work with apps you know and trust.

App Developers

  1. Incorporate app-ads.txt immediately. Unlike with the slow adoption and ramp-up of the desktop domain ads.txt initiative, I expect app-ads.txt to become table stakes much sooner. At PubMatic, while we allowed longer grace periods for ads.txt adoption, we will be much more aggressive with our app-ads.txt policy.
  2. Monitor your app-ads.txt files closely. As the Wall Street Journal recently reported, and as I highlighted in our Inventory Quality white paper, bad actors have a huge incentive to a way onto your ads.txt file. Once a bad actor is given a listing, it can spoof and/or arbitrage the publisher’s inventory and sell to buyers while appearing legitimate.

Though app-ads.txt will not solve the growing issue of in-app ad fraud, the IAB Tech Lab sponsored initiative will greatly reduce the risk of advertising buying spoofed premium in-app ad inventory. However, even then this is only true if buyers and sellers are committed to ensuring it’s rolled out correctly.

What’s Next?

To learn more about our mobile initiatives, check out our solutions page or contact us.