Home Mobile Heads Up, Fake Apps: Ads.txt Is Coming For You

Heads Up, Fake Apps: Ads.txt Is Coming For You

SHARE:

Ads.txt is headed to the app ecosystem. What form will it take? That’s still shaking out.

The IAB Tech Lab released guidance on Wednesday with several proposals for how to implement Ads.txt within an app environment. Ads.txt is the Tech Lab’s initiative to reduce inventory spoofing and help advertisers distinguish legit supply sources from the imposters.

The desktop and mobile web version of Ads.txt, which lists authorized sellers within a text file hosted on a publisher’s root domain, debuted last June. Since then, more than 2 million publishers have adopted the spec.

But what works for the web doesn’t necessarily work for apps. (Speaking of, who’s tired of hearing “You can’t call it ‘in-app header bidding’ because there’s no header in apps?”)

The most glaring difference between apps and web browsers from an Ads.txt perspective is that apps don’t have a handy web domain where publishers can easily list their seller files, said Dennis Buchheim, SVP and general manager of the IAB Tech Lab.

To get around that, the Tech Lab hopes to piggyback onto a metadata field used by app stores to identify an app within their ecosystem. When developers register an app in iTunes Connect, they create what’s known as a bundle ID, which resembles a reverse URL. The bundle ID for the Apple Pages app, for example, would be “com.apple.pages.” Google uses a similar system within the Play Store.

“The idea is that you can specify the reverse URL with any supply you’re making available through OpenRTB on any inventory, and the app name is embedded in there,” Buchheim said. “It’s like a trail of breadcrumbs that leads you through verifiable sources.”

The only problem with the reverse domain method is that it relies on the app stores playing along, and they aren’t hopping aboard as quickly as the Tech Lab would like.

The app store fields aren’t consistently supported or designed to support Ads.txt. In an ideal world, all three big app stores – Google, Apple and Amazon – would implement or designate a standardized field for in-app Ads.txt and clear up other little barriers.

For example, Apple caps how many times anyone can look up a bundle ID. If you hit that threshold, further requests are rejected. That won’t fly in the OpenRTB ecosystem.

Conversations are furthest along with Google, which is a Tech Lab member. There’s been less progress made with Apple and Amazon, although Buchheim hopes that releasing the specs will light a fire under their collective behinds.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

“If there’s a groundswell, the app stores will need to support this,” he said.

But if they don’t or can’t get their act together in a timely enough manner, the IAB Tech Lab has alternative options, such as implementing a standardized API created by a third-party or independent entity to retrieve an app’s identifying metadata. It would also work if the app stores developed an API to support Ads.txt, but it’s a heavier lift to implement and fairly unlikely.

“The main thing is that we want to deploy this as quickly as possible and make it be as similar as possible to deploy for developers as it is for website owners,” Buchheim said. “The field requires the least technical effort, and it’s a secure, enduring mechanism.”

Assuming the Ads.txt-for-apps initiative gets buy-in from the app stores, Buchheim expects rapid adoption among publishers. There might also be a knock-on effect that cleans up the third-party app store ecosystem, most of which is outside the US.

“Ads.txt resulted in a bit of a shakeout on the web, and the same thing could happen here,” he said. “If it takes off for apps, the illegitimate app stores that don’t participate will essentially be waving a flag that says, ‘Don’t work with us.’”

But Ads.txt won’t solve spoofing on its own, whether on the web or in apps. It works best in combo with Ads.cert, an OpenRTB spec set to be released soon that uses cryptographic security tech to verify ad space. Think of Ads.txt and Ads.cert as two-factor authentication for programmatic buying.

“Ads.txt is about authorized resellers and Ads.cert is about authenticating what you think you’re buying,” Buchheim said. “You can go to an authorized Rolex reseller, but suppose the reseller is shady and sells fake Rolexes. You need both to really stamp out fraud in any environment.”

Must Read

AWS Launches A Cloud Infrastructure Service For Ad Tech

AWS RTB Fabric offers ad tech platforms more streamlined integrations with ecosystem and infrastructure partners, allegedly lower latency compared to the public internet and discounts on data transfers.

Netflix Boasts Its Best Ad Sales Quarter Ever (Again)

In a livestreamed presentation to investors on Tuesday, co-CEO Greg Peters shared that Netflix had its “best ad sales quarter ever” in Q3, and more than doubled its upfront commitments for this year.

Comic: No One To Play With

Google Pulls The Plug On Topics, PAAPI And Other Major Privacy Sandbox APIs (As The CMA Says ‘Cheerio’)

Google’s aborted cookie crackdown ends with a quiet CMA sign-off and a sweeping phaseout of Privacy Sandbox technologies, from the Topics API to PAAPI.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

The Trade Desk’s Auction Evolutions Bring High Drama To The Prebid Summit

TTD shared new details about OpenAds features that let publishers see for themselves whether it’s running a fair auction. But tension between TTD and Prebid hung over the event.

Monopoly Man looks on at the DOJ vs. Google ad tech antitrust trial (comic).

How Google Stands In The DOJ’s Ad Tech Antitrust Suit, According To Those Who Tracked The Trial

The remedies phase of the Google antitrust trial concluded last week. And after 11 days in the courtroom, there is a clearer sense of where Judge Leonie Brinkema is focused on, and how that might influence what remedies she put in place.

The Ad Context Protocol Aims To Make Sense Of Agentic Ad Demand

The AI advertising agents will need their own trade group eventually. For now though, a bunch of companies are forming the Ad Context Protocol, or AdCP.