Stone, Meet Glass House - The Significance of Uber's Second Ad Fraud Lawsuit

[NOTICE] I have never served Uber or Fetch or any of the parties mentioned in this case or the previous cases. When I was contacted by these parties to serve as an expert witness, I have declined every time, and will continue to do so.

[NOTICE] I AM NOT SAYING SOMETHING IS FRAUD OR NOT FRAUD OR THAT EITHER PARTY IS RIGHT OR WRONG. I AM HIGHLIGHTING KEY POINTS FROM THE COURT DOCUMENTS SO OTHERS CAN LOOK INTO THEIR OWN CAMPAIGNS FOR SIMILAR PHENOMENA.

This is a good time to re-iterate that ad fraud is not a tech problem. And it will NOT be solved by throwing more tech at it -- like fraud detection, brand safety, and viewability measurements. Ad fraud is an INCENTIVES problem where bad guys have the incentive to commit ad fraud (to make money) and middlemen have the incentive to look the other way (to make more money). Ad fraud is not solved yet because no one wants to solve it - they are making far too much money from it now. And the only way to solve fraud in your own campaigns is by looking at the data yourself and avoiding the parties and technologies that are inherently at odds with your finding the truth.

Now to the June 5, 2019 court documents which can be downloaded here, to follow along: https://webapps.sftc.org/ci/CaseInfo.dll?CaseNum=CGC19576493

Most of you are aware of Uber’s lawsuit against their agency Fetch in 2017, alleging ad fraud -- that the agency billed Uber for fake clicks and fake app installs, purchased through digital media. Fetch counter-sued Uber for non-payment and for being a “faithless business partner.”

What is less known is that the “case [in California federal court] was dismissed voluntarily by Uber on Dec. 22 after it was reassigned to U.S. District Judge Yvonne Gonzalez Rogers. Uber said they would pursue claims in a San Francisco court instead.”

Uber has now additionally sued the ad networks and exchanges that ran media for it. This is utterly significant because this raises the risk for ad exchanges that look the other way regarding ad fraud or actively participate in "non-transparent" activities.

Normally, the “devil is in the details.” In this case, the details are fascinating. I will point out certain passages and why, in my opinion, they are significant.

Page -1- Lines 26-28

“The true names and capacities of third party defendants DOES 1-100 are presently unknown to Uber, and Uber will seek leave of court to amend this complaint to allege such names and capacities as soon as they are ascertained.”

Just like the LinkedIn lawsuit against anonymous data scrapers in 2016, the fact that there are up to 100 “John Does” named in this lawsuit confirms the murkiness of the digital media supply chain -- NON-transparency, as it were. Why would there be so many parties that the buyer does not know? Perhaps they were necessary to get the volumes of impressions and installs that were demanded; or perhaps those sources were doing something else non-transparently.

Page -4- Lines 13-18

“Uber pays only for legitimate clicks by real people on actual mobile ads that are attributable to installation of the Uber App, new sign ups, and/or first trips 9called the “last click attribution” or “app attribution”). Uber does not pay for ads to simply appear on a page (i.e., views) or for clicks that do not lead to one of those outcomes. Thus, when Defendants “purchase” mobile inventory on Uber’s behalf, they are actually purchasing the final outcome - not the number of times an ad is displayed, viewed, or clicked.”

This is exactly what “performance marketing” is supposed to mean. Instead of paying for impressions (cost per thousand, CPM) or clicks (cost per click, CPC), performance marketers pay only for the desired action - in this case app installs (cost per install, CPI). The assumption is that the ads were shown to and clicked on by humans, with the intent to download and install the mobile app being advertised. The fraud happens when ads are not shown to humans; clicks were performed not by humans, and even the installs were not done by humans. If HOW this is done is not clear, please see the following article - A Primer on Mobile Emulators, For Truly Scalable Ad Fraud.

Page -5- Lines 3-10

“To track which advertising network, website, or app generated clicks (and ultimately installs, sign-ups, and first trips), Uber contracted with a third party mobile analytics and performance marketing platform called Tune, Inc. (“TUNE”).”

“TUNE’s mobile app tracking service is supposed to collect information about mobile advertising impressions (i.e., views) of, and clicks on, mobile ads. TUNE tracks clicks on ads and then matches the last reported click to a rider’s installation of the Uber App. TUNE then awards credit to the publisher, network, or mobile advertising agency that placed the ad responsible for the last click attribution.”

This shows that Uber had tracking in place. And Tune is known to have fraud detection techniques, technologies and processes to detect app install fraud. They may have even successfully detected it but until someone actually looked at the TUNE reports, the fraud that was plainly there was not actioned upon.

Page -5- Lines 11-16

“Networks like Defendants were required, by virtue of the IOs, to identify through TUNE all app and mobile websites running Uber ads. Networks and publishers were also required to implement “click tracking,” which was intended to identify the publisher reporting clicks to TUNE that resulted in installations, the particular ad at issue, and the app or website name where the clicks generated from. All networks, including Defendants, were required to report accurate and legitimate information to TUNE.”

This is a great illustration that requirements in legal contracts -- “required to report accurate and legitimate information” -- may still not mean that those requirements were actually fulfilled, or even adhered to.

When was the last time bad guys obeyed the law and followed the rules, even if written down and signed?

Page -6- Lines 22-26

“Transparency reports were intended to be final and true reflections of (i) where Defendants and other media partners were running Uber ads, and (ii) the clicks and installations attributable to those ads. Given the volume of Uber’s mobile advertising, the transparency reports were also the only accessible means for Uber to “see” the apps and mobile websites where its ads appeared and to assess the impact of particular networks and publishers.”

This is true for most large advertisers - they rely on the reporting given back to them by their agencies and suppliers. What is also true is that the accuracy of the reports are assumed - and buyers rely on the suppliers to do the right thing. But what if the supplier were cheating or wanted to cheat? Would a cheater voluntarily tell you they are cheating? Of course not.

Page -7- Lines 5-9

“Mobile advertising fraud generally falls within two broad categories: (i) fraudulent installations, and (ii) attribution fraud.

“Attribution fraud” refers to a scheme where networks and publishers seek credit for organic installations and for installations actually attributable to other media sources. Attribution fraud occurs when networks and publishers insert false information into TUNE’s attribution algorithm.”

“Some key forms of attribution fraud include the following: click spamming, fake or malicious sites, stacked ads, auto-redirects, and other ‘creative issues’.”

There are many ways to commit fraud and to cover it up. These are just examples that were seen and documented. But the fraud playbook is far more extensive and advanced, and the techniques mentioned barely even scratch the surface.

"There is far more ad fraud that we don't know than what we do know. So it's always better to assume that detection tech is missing something."

Page -11- Lines 1-6

“Fraud is also perpetrated through, and/or apparent from, the metrics and data that networks and publishers report through TUNE, and that was reported in the transparency reports provided to Uber. ‘Metrics Smoothing’ refers to the scenario when a network or publisher misreports where advertisements are placed in order to conceal the true placement of the advertisement (or perhaps no placement at all)."

This details how “transparency reports” are easily messed up with fake data. Also the true placements are not only concealed, sometimes the ad placements didn’t even occur. When you get a spreadsheet that tells you how many ad impressions were displayed, clicked, and converted, do you actually know if the ads were shown or clicked?

"Consider the possibility that you just paid millions of dollars for a spreadsheet with some numbers in it. Good looking numbers; but just numbers in a spreadsheet."

Page -11- Lines 18-27

“Networks or publishers concealed the true placements of advertisements and allocated supposed clicks and installs across a number of platforms to give the appearance of legitimacy.”

“Falsified Transparency includes the scenario where a network or publisher reports vague website or app names ... or, clicks and installs... severely disproportionate to the number of active users.”

This shows that complicit networks and publishers that are trying to cheat will definitely be covering their tracks. But that with common sense, a review of whether simple things check out, or not, will give you clues of where there is fraud and whether it is fraud. But again, few bother to look, because they think everything is fine or it's someone else's responsibility.

Pages -12-13-

“Examples of Falsified Transparency from Transparency Reports ... include Deceptive Naming, Missing Device IDs, SDK Outliers, Non-Mobile Optimized Sites.”

Again, there are many many techniques used by fraudsters to carry out the fraud and cover their tracks.

Pages -13-14-

“For instance, in early 2017 Bidmotion/Hydrane reported to Uber that they purchased the majority of their ads from advertising exchanges such as Mopub. However, when Uber asked Mopub whether those Defendants purchased inventory from its exchange, Mopub replied that it was unaware of any such purchases.”

How do exchanges not know where they purchased inventory? There should be financial paper trail if those supposed purchases were real, right? Shall we look into that?

Page -14- Lines 3-5

“In addition, while Bidmotion/Hydrane purported to place ads only on mobile applications, Device ID information was almost never passed to TUNE for Uber ads purportedly placed.”

Again, another example of where common sense should tell you there was something wrong, or at least something to look into, and ask why.

Page -15- Lines 17-19

“Uber discovered a TUNE report showing publisher names .. that did not match up with their corresponding referral URLs, a clear indication of fraud.”

This may not always be a clear indication of fraud due to limitations in measurement, especially in-app; but when you see this, it should definitely be investigated. And constant vigilance is needed on the part of the buyer/advertiser. Don't assume that the reports are correct, or even real.

"If bad guys are going to commit ad fraud, don't assume that they won't manipulate the reports, metrics, data, and analytics too."

Page -16- Lines 17-28

“Defendants stole credit for organic installs of the Uber App, and Uber app installs that were attributable to other sources.”

Organic installs are where humans download and install the app because they wanted to, not because they clicked on an ad. And other sources included TV advertising and other ads that caused real humans to install the Uber app. Fraud occurred when Defendants claimed credit for those installs, in order to earn the cost-per-install fee.

For more examples, see Performance Marketers, You're Still Getting Ripped Off by Fraud

Page -16- Lines 24-28

“Despite Uber’s diligence, as a result of Defendants’ active concealment of the true nature of their work for Uber, it was not until early 2017 that Uber became aware of the pervasive fraud in the Uber Campaign, in part as a result of complaints from the public regarding Uber ads appearing on mobile websites that Uber had previously requested Defendants block from participating in the Uber Campaign.”

“Active concealment” is key here. Perpetrators of fraud are not passively taking action; they are actively concealing their activities and actively making their activities appear to be legitimate. “Pervasive fraud” is also important - because it is not just a bit of fraud; it was pervasive, and ate up a large portion of the large budgets that an advertiser spent. And finally, outsiders (“the public”) saw Uber ads appearing on sites and reported them to Uber. This is like @slpng_giants does for brand safety and other researchers are doing for big companies that all claim to have fraud detection in place already. 

Page -17- Lines 8-19

“Just before Uber suspended the entire Uber Campaign in March 2017, which included payments to Defendants, Uber was spending millions of dollars per week on mobile inventory purportedly attributable to hundreds of thousands (even millions) of Uber App installs per week. Had the ads been legitimate, one would expect to see a substantial drop in installations when mobile advertising was suspended. Instead, when Uber suspended the Uber Campaign, there was no material drop in total installations. Rather, the number of installations supposedly attributable to mobile advertising (i.e., “paid signups”) decreased significantly, while the number of organic installations rose by a nearly equal amount. This indicated that a significant percentage of the installations believed to be attributable to advertising were in fact stolen organic installations. In other words, these installations would have occurred regardless of advertising. Instead, Defendants and the other networks or publishers in the Uber Campaign fraudulently reported the last click attribution to claim attribution credit and were paid for the installation.”

A great common sense example of how to find fraud. More advertisers should pause campaigns or spending and see if anything changes. If nothing changes, then whether or not it was fraud, the digital ad spending was not driving any incremental business and therefore unnecessary.

Page -19-

“Defendants knew that a substantial portion of the mobile inventory they sold to Uber .. was nonexistent, nonviewable and/or fraudulent, and that such inventory was not attributable to legitimate riders installing the Uber App.”

“Defendants failed to disclose problems with the mobile inventory they sold because they knew that Uber would have pulled its advertising and insisted on remediation for fraudulent advertising.”

“Defendants actively concealed nonexistent, nonviewable, and/or fraudulent inventory and prevented Uber from uncovering the true facts, for example, by hardcoding misleading names into TUNE to deceive Uber into believing installs were driven by ads on approved sites.”

“Defendants intended that Uber rely on their omissions and misrepresentations to induce Uber to spend more on mobile advertising.”

“Uber has suffered monetary injury and Defendants have been unjustly enriched by reason of the foregoing.”

“Defendants’ representations and omissions were intentional, malicious, oppressive, or fraudulent, and give rise to liability for punitive damages according to proof at trial.

There is deliberate action and intent. It was willful, and not just “oops” we didn’t know.

Page -20-

“Defendants had a duty to use such skill, prudence, and diligence as a reasonable ad network.”

Mobile ad fraud continues on its merry way

Note that the time the alleged fraud occurred was 2015 - 2016 timeframe. And it continues unabated today, even though trade associations perpetuate their industry narrative that "fraud is low and going lower." https://www.whiteops.com/press-releases/report-from-ana-and-white-ops-shows-war-on-ad-fraud-is-succeeding

There have been more, large examples (not suits or cases) that have been found and publicized since then. What about all those advertisers that bought these fake ads? Did they get their money back? Will they sue to get their money back?

June 2019 - https://blog.lookout.com/beitaplugin-adware

May 2019 - https://www.buzzfeednews.com/article/craigsilverman/vidmate-app-download

April 2019 - https://www.buzzfeednews.com/article/craigsilverman/google-play-store-ad-fraud-du-group-baidu

March 2019 - https://www.buzzfeednews.com/article/craigsilverman/in-banner-video-ad-fraud

November 2018 - https://www.buzzfeednews.com/article/craigsilverman/android-apps-cheetah-mobile-kika-kochava-ad-fraud

October 2018 - https://www.buzzfeednews.com/article/craigsilverman/how-a-massive-ad-fraud-scheme-exploited-android-phones-to

2017 - https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/

2017 - https://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/

"And note how hard (and how long) it takes to get your money back after losing it to ad fraud -- almost never."

About the Author:  “I consult for advertisers and publishers who actually want to know the truth and who have the courage to do something when they find ad fraud. I am not a fraud detection tech company so I show my clients the supporting data so they can verify for themselves what is fraud and what is not fraud. If they agree, they can take the necessary actions to eliminate the fraud while campaigns are still running, rather than post-mortem fraud reports and trying to get their money back.” 

Follow me here on LinkedIn (click) and on Twitter @acfou (click)

Further reading: https://www.slideshare.net/augustinefou/presentations