According to OpenX, over 60% of the comScore top 1,000 publishers in the US have adopted Ads.txt, and while that means there’s still a long way to go before Ads.txt is used near-universally, some players are now taking action against publishers that haven’t adopted Ads.txt.

But Ads.txt isn’t perfect, and even if every publisher in the world was using it tomorrow, a large portion of the ad market would still be vulnerable to fraud. That’s because Ads.txt currently serves to defend against inventory spoofing and unauthorized sellers for websites but not mobile apps. And fraudsters seem to be well aware of this.

In fact, according to researchers at ad fraud detection firm Forensiq, fraudsters are actually using data from Ads.txt to identify their targets for ad fraud schemes involving in-app advertising.

For example, Forensiq discovered that more than 1,400 apps were displaying ads that were sold fraudulently using the domain name of TV Guide. Other unnamed high-profile publishers were similarly targeted, and for good reason: their inventory typically sells at a premium.

Forensiq’s director of product and data science Amit Joshi told AdWeek, “The smart thing about this is that there’s a lot less verification in the in-app space because it’s fairly new. There’s a lot less transparency. For somebody to detect that this is happening, it’s harder because it’s in-app traffic so you have to use in-app detection versus on a website where verification and domain spoofing protection is fairly mature.”

In other words, most advertisers are probably not going to catch this type of fraud, which is especially disturbing given how prevalent it appears to be. Of the more than 3bn ad impressions Forensiq looked at, about a third were spoofed, and of those, over a third employed this tactic.

in-app advertising fraud

Mobile Ads.txt to the rescue?

Clearly, Ads.txt is not perfect and to be fair, everybody has known that. But given just how important ads served in-app have become to the digital advertising ecosystem, this new kind of fraud is troublesome.

Fortunately, the IAB is aware that mobile presents challenges and it recently announced that it is exploring ways to extend Ads.txt to mobile apps. Under its “Mobile App Support for ads.txt” proposal, app store operators would either provide an official field within the description of an app that identifies the domain of the app or provide a standardized API for requesting app ownership metadata. This would enable advertisers to then retrieve the appropriate Ads.txt file for each app.

For one of these approaches to be viable, app store operators, namely Apple and Google, would need to cooperate. Apple already offers an official API that could support the IAB’s proposal; Google does not. Alternatively, the IAB’s proposal contemplates an independent DNS-like service that would store a mapping of apps to their associated domains.

While the IAB has not yet set a target date for the finalization of mobile app support for Ads.txt, given the adoption of Ads.txt to date, the popularity of in-app advertising, and the apparent volume of fraud taking place, it’s likely that the IAB will move as expeditiously as possible.

This, of course, does not mean that ad fraud will soon be a thing of the past, but as standards like Ads.txt evolve to cover the most widely-used digital ad channels, it would seem that the industry has a real opportunity to make life much more difficult for fraudsters.