Home Mobile Heads Up, Fake Apps: Ads.txt Is Coming For You

Heads Up, Fake Apps: Ads.txt Is Coming For You

SHARE:

Ads.txt is headed to the app ecosystem. What form will it take? That’s still shaking out.

The IAB Tech Lab released guidance on Wednesday with several proposals for how to implement Ads.txt within an app environment. Ads.txt is the Tech Lab’s initiative to reduce inventory spoofing and help advertisers distinguish legit supply sources from the imposters.

The desktop and mobile web version of Ads.txt, which lists authorized sellers within a text file hosted on a publisher’s root domain, debuted last June. Since then, more than 2 million publishers have adopted the spec.

But what works for the web doesn’t necessarily work for apps. (Speaking of, who’s tired of hearing “You can’t call it ‘in-app header bidding’ because there’s no header in apps?”)

The most glaring difference between apps and web browsers from an Ads.txt perspective is that apps don’t have a handy web domain where publishers can easily list their seller files, said Dennis Buchheim, SVP and general manager of the IAB Tech Lab.

To get around that, the Tech Lab hopes to piggyback onto a metadata field used by app stores to identify an app within their ecosystem. When developers register an app in iTunes Connect, they create what’s known as a bundle ID, which resembles a reverse URL. The bundle ID for the Apple Pages app, for example, would be “com.apple.pages.” Google uses a similar system within the Play Store.

“The idea is that you can specify the reverse URL with any supply you’re making available through OpenRTB on any inventory, and the app name is embedded in there,” Buchheim said. “It’s like a trail of breadcrumbs that leads you through verifiable sources.”

The only problem with the reverse domain method is that it relies on the app stores playing along, and they aren’t hopping aboard as quickly as the Tech Lab would like.

The app store fields aren’t consistently supported or designed to support Ads.txt. In an ideal world, all three big app stores – Google, Apple and Amazon – would implement or designate a standardized field for in-app Ads.txt and clear up other little barriers.

For example, Apple caps how many times anyone can look up a bundle ID. If you hit that threshold, further requests are rejected. That won’t fly in the OpenRTB ecosystem.

Conversations are furthest along with Google, which is a Tech Lab member. There’s been less progress made with Apple and Amazon, although Buchheim hopes that releasing the specs will light a fire under their collective behinds.

“If there’s a groundswell, the app stores will need to support this,” he said.

But if they don’t or can’t get their act together in a timely enough manner, the IAB Tech Lab has alternative options, such as implementing a standardized API created by a third-party or independent entity to retrieve an app’s identifying metadata. It would also work if the app stores developed an API to support Ads.txt, but it’s a heavier lift to implement and fairly unlikely.

“The main thing is that we want to deploy this as quickly as possible and make it be as similar as possible to deploy for developers as it is for website owners,” Buchheim said. “The field requires the least technical effort, and it’s a secure, enduring mechanism.”

Assuming the Ads.txt-for-apps initiative gets buy-in from the app stores, Buchheim expects rapid adoption among publishers. There might also be a knock-on effect that cleans up the third-party app store ecosystem, most of which is outside the US.

“Ads.txt resulted in a bit of a shakeout on the web, and the same thing could happen here,” he said. “If it takes off for apps, the illegitimate app stores that don’t participate will essentially be waving a flag that says, ‘Don’t work with us.’”

But Ads.txt won’t solve spoofing on its own, whether on the web or in apps. It works best in combo with Ads.cert, an OpenRTB spec set to be released soon that uses cryptographic security tech to verify ad space. Think of Ads.txt and Ads.cert as two-factor authentication for programmatic buying.

“Ads.txt is about authorized resellers and Ads.cert is about authenticating what you think you’re buying,” Buchheim said. “You can go to an authorized Rolex reseller, but suppose the reseller is shady and sells fake Rolexes. You need both to really stamp out fraud in any environment.”

Tagged in:

Must Read

How TIME’s CMS Transition Laid The Foundation For Its AI-Driven Content Overhaul

The CMS migration helped unify TIME’s fragmented content data after years of platform transitions under multiple owners. This enabled TIME to launch its own AI search product and convert archival content into AI-friendly “markdown” pages.

Adobe Advertising Just Launched Its Own Custom Algorithms Product

Last week, Adobe Advertising announced the general release of its own Custom Algorithms product, which is “a huge departure from the TubeMogul days,” Erwin Castellanos, GM of Adobe Advertising, tells AdExchanger.

MFA Ad Spend Is Increasing. Is AI Slop To Blame?

This year, the percentage of ad spend going toward made-for-advertising (MFA) sites went up instead of down for the first time since 2023.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Kickbacks Takes An Outsider’s View While Bringing Ads To AI Agents

Andrew McCalip is a founding engineer at Varda Space Industries, where he oversees the manufacturing of things like hypersonic reentry vehicles and satellite buses.

CTV Buyers Are Getting The Show-Level Performance Optimization They’ve Always Wanted

A collaboration between InterMedia Advertising, Peer39 and Pontiac Intelligence provided show-level cost-per-acquisition data for 94% of CTV ad impressions.

Advertisers Await Programmatic Pause Ads

The IAB Tech Lab is working on standardizing programmatic signals for new streaming TV ad formats, including pause ads. Meanwhile, many brands are eager to add pause ads to their repertoire.