An Empirical Study of Click Fraud in Mobile Advertising Networks

Smartphone advertisement is increasingly used among many applications and allows developers to obtain revenue through in-app advertising. Our study aims at identifying potential security risks of a type of mobile advertisement where advertisers are charged for their advertisements only when a user clicks (or touches) on the advertisements in their applications. In the Android platform, we design an automated click generation attack and empirically evaluate eight popular advertising networks by performing real attacks on them. Our experimental results show that six advertising networks (75%) out of eight (Millennial Media, App Lovin, Ad Fit, Mdot M, Rev Mob and Cauly Ads) are vulnerable to our attacks. We also discuss how to develop effective defense mechanisms to mitigate such automated click fraud attacks.