Home Mobile Heads Up, Fake Apps: Ads.txt Is Coming For You

Heads Up, Fake Apps: Ads.txt Is Coming For You

SHARE:

Ads.txt is headed to the app ecosystem. What form will it take? That’s still shaking out.

The IAB Tech Lab released guidance on Wednesday with several proposals for how to implement Ads.txt within an app environment. Ads.txt is the Tech Lab’s initiative to reduce inventory spoofing and help advertisers distinguish legit supply sources from the imposters.

The desktop and mobile web version of Ads.txt, which lists authorized sellers within a text file hosted on a publisher’s root domain, debuted last June. Since then, more than 2 million publishers have adopted the spec.

But what works for the web doesn’t necessarily work for apps. (Speaking of, who’s tired of hearing “You can’t call it ‘in-app header bidding’ because there’s no header in apps?”)

The most glaring difference between apps and web browsers from an Ads.txt perspective is that apps don’t have a handy web domain where publishers can easily list their seller files, said Dennis Buchheim, SVP and general manager of the IAB Tech Lab.

To get around that, the Tech Lab hopes to piggyback onto a metadata field used by app stores to identify an app within their ecosystem. When developers register an app in iTunes Connect, they create what’s known as a bundle ID, which resembles a reverse URL. The bundle ID for the Apple Pages app, for example, would be “com.apple.pages.” Google uses a similar system within the Play Store.

“The idea is that you can specify the reverse URL with any supply you’re making available through OpenRTB on any inventory, and the app name is embedded in there,” Buchheim said. “It’s like a trail of breadcrumbs that leads you through verifiable sources.”

The only problem with the reverse domain method is that it relies on the app stores playing along, and they aren’t hopping aboard as quickly as the Tech Lab would like.

The app store fields aren’t consistently supported or designed to support Ads.txt. In an ideal world, all three big app stores – Google, Apple and Amazon – would implement or designate a standardized field for in-app Ads.txt and clear up other little barriers.

For example, Apple caps how many times anyone can look up a bundle ID. If you hit that threshold, further requests are rejected. That won’t fly in the OpenRTB ecosystem.

Conversations are furthest along with Google, which is a Tech Lab member. There’s been less progress made with Apple and Amazon, although Buchheim hopes that releasing the specs will light a fire under their collective behinds.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

“If there’s a groundswell, the app stores will need to support this,” he said.

But if they don’t or can’t get their act together in a timely enough manner, the IAB Tech Lab has alternative options, such as implementing a standardized API created by a third-party or independent entity to retrieve an app’s identifying metadata. It would also work if the app stores developed an API to support Ads.txt, but it’s a heavier lift to implement and fairly unlikely.

“The main thing is that we want to deploy this as quickly as possible and make it be as similar as possible to deploy for developers as it is for website owners,” Buchheim said. “The field requires the least technical effort, and it’s a secure, enduring mechanism.”

Assuming the Ads.txt-for-apps initiative gets buy-in from the app stores, Buchheim expects rapid adoption among publishers. There might also be a knock-on effect that cleans up the third-party app store ecosystem, most of which is outside the US.

“Ads.txt resulted in a bit of a shakeout on the web, and the same thing could happen here,” he said. “If it takes off for apps, the illegitimate app stores that don’t participate will essentially be waving a flag that says, ‘Don’t work with us.’”

But Ads.txt won’t solve spoofing on its own, whether on the web or in apps. It works best in combo with Ads.cert, an OpenRTB spec set to be released soon that uses cryptographic security tech to verify ad space. Think of Ads.txt and Ads.cert as two-factor authentication for programmatic buying.

“Ads.txt is about authorized resellers and Ads.cert is about authenticating what you think you’re buying,” Buchheim said. “You can go to an authorized Rolex reseller, but suppose the reseller is shady and sells fake Rolexes. You need both to really stamp out fraud in any environment.”

Must Read

Wall Street Turned Against Ad Tech – But May Learn To Love It Again

What can pureplay ad tech companies do to clean up their rep on the Street?

Glenniss Richards, senior director of digital media, Bayer

How Bayer Wrote Its Prescription For Programmatic

Bringing media buying in-house is “chaotic and disruptive” – but totally worth it, according to Glenniss Richards, Bayer’s senior director of digital media.

AppsFlyer and Roku’s New SRN Integration Will Shed Light On CTV Campaign Impact

Roku and AppsFlyer announced the launch of a new self-reporting network (SRN) integration between both companies, which will allow mobile app advertisers to more effectively measure their streaming video campaigns

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Comic: Gamechanger (Google lost the DOJ's search antitrust case)

DOJ v. Google: How Judge Brinkema Seems To Be Thinking After Week One

Where the DOJ v. Google ad tech antitrust trial stands after one week’s worth of remedies arguments.

Swish, A Company That's Bringing Programmatic to Product Sampling, Announces Seed Funding

Swish, a startup that partners with retailers to provide product full-size CPG samples to people doing their grocery shopping online, announces $2.3 million in seed funding.

DOJ v. Google: During Opening Arguments, The DOJ And Google Battle Over An AdX Divestiture

Court is back in session. And the fate of  the open internet is in the balance.