The latest numbers for online ad fraud are in— 2020 was a great year for ad pirates. Ad fraud, or ad piracy, occurs when bad actors divert ad revenue intended for legitimate websites (or in some cases, the original content is paid and is not supposed to include ads) to pirated and illicit content. Over the past few years, we have pointed out that “free is not cheap enough” to prevent copyright theft, and ad piracy is a major reason why. Even free content is worth stealing because pirates can steal the ad revenue intended for the original content owner.

According to a recent report from Digital Citizens Alliance and White Bullet Solutions, these bad actors reaped $1.34 billion in annual ad revenues that should have gone to content creators like ACT | The App Association members.

Larger ad space buyers were the most successful in ensuring their ads only appear on legitimate apps and websites, as advertisements for Fortune 500 brands appearing on pirated sites and apps declined from 30 percent in 2014 to 4 percent in 2021. But smaller brands are still playing catch-up, and there is more work to do generally to put a stop to ad fraud, as even the 4 percent of ad large brand ad dollars going to pirated sites still represents millions in lost revenue.

Ad piracy is not just a direct threat to the bottom lines of our member companies— it also threatens device security and consumer trust in the app ecosystem. The typical pirated video app, for example, often serves several purposes, including:

  • Generating ad revenue that should go to the legitimate app owner; and
  • Luring victims with the promise of a free version of an app that otherwise costs money in order to install malware on their device.

This latter purpose is part of the reason mobile software platforms (the app store-operating system combinations) prevent users from downloading software not vetted by the platforms for security flaws or other defects. Apple bars users from downloading any software that does not pass the review process (also referred to as “side loaded” apps) onto an iOS device. Android disallows such software by default, but enables a user to alter their settings to side load software from specific sources. The extra security and privacy measures software platforms take in the mobile space are especially important, and the numbers from the report reflect the higher security environment in mobile: $1.08 billion in ad fraud occurred on websites, while significantly less, $258 million, is attributable to apps.

Because software platforms make it hard or impossible to side load software onto smart devices, mobile is simply a less hospitable environment for ad pirates, whether they want to recruit your device for a botnet or steal your passwords with a keystroke logger. Unfortunately, this could all change if Congress passes legislation like H.R. 3816, the American Choice and Innovation Act, or S. 2710, the Open App Markets Act. These are two of a handful of controversial bills Congress is considering that amount to a federal takeover of app markets. The bills would create a presumption that bans on side loading are illegal under antitrust law. For App Association members, the constant and evolving security threats ad pirates and other bad actors pose to the app ecosystem are prime examples as to why Congress should encourage—not prohibit—measures to prevent harmful side loading. A key test for small app makers is whether consumers are willing to download apps made by companies they’ve never heard of before. Illegalizing measures to instill this level of trust leaves us back where we started on the open internet in the early 2000s, when consumers—saddled with the task of vetting software for themselves—largely declined to download from unknown sources. Our experience with ad piracy underscores this dynamic and weighs against heavy handed antitrust remedies to undo security and privacy developments that helped create the app economy.