<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=134132097137679&amp;ev=PageView&amp;noscript=1">

What You Need to Know About MRC's Interim Guidance for Mobile In-App SIVT

This serves as an introduction to Pixalate’s MRC thought leadership series specific to Sophisticated Invalid Traffic (“SIVT”) within mobile application (in-app) environments.

SIVT within in-app environments has many varied characteristics — both in structure and detection solutions — compared to web traffic (desktop and mobile web). It is important that entities operating in the mobile in-app digital advertising ecosystem take these differences into consideration when establishing their internal control framework and their SIVT detection/filtration processes.

On June 2, 2017, the Media Rating Council (“MRC”) issued interim guidance specific to SIVT within mobile in-app environments to establish a process for evaluating the different characteristics of SIVT as detected within mobile in-app environments. The guidance serves as a supplement to the MRC Invalid Traffic (“IVT”) Guidelines Addendum (the MRC IVT Guidelines)  issued on October 15, 2015.

The additional guidance provided is specified to the following procedural areas (described in greater detail below):

Executive Summary: Mobile In-App SIVT Considerations (by procedural area)

mrc-mobile-app-sivt-guidelines-invalid-traffic

  • IVT Risk Assessment

    • Detection measures and capabilities at various mobile application stages (downloaded, open, initialized, in-use online or offline);
    • Fraud types, models, risks or incentives not covered in the existing SIVT framework or IVT taxonomy (or different from those in desktop and mobile web environments);
    • Presence of premium pricing for mobile in-app inventory;
    • Relative sophistication of potential IVT schemes required in certain in-app environments;
    • Susceptibility of apps to transmission interception (to be considered in assessing risk at an application level);
    • App store vetting or security policies and protections (should not be relied upon);
    • Compensating controls to cover IVT detection gaps in situations where desktop/mobile web detection assets (JavaScript, flash, cookies, etc.) are unavailable;
    • Presence of proxy traffic or routing artifacts that may obfuscate origination information or limit the granularity of data collected for purposes of IVT determination (such as X-Forwarded-For data);
  • Business Partner Qualification

    • Evaluate mobile applications on a discrete level (as applicable, appropriate)
  • Additional Parameters and Heuristics

    • Different/additional benchmarks or thresholds for SIVT activity-based techniques;
    • Known app behaviors that may be indicative of SIVT;
    • Use of alternative detection assets and data points in evaluation of traffic arising from environments where IVT and measurement detection assets (such as JavaScript, flash or cookies) or other techniques do not function;
    • Presence of proxy traffic or routing artifacts that may obfuscate origination information or limit the granularity of data collected for purposes of IVT determination (such as X-Forwarded-For data);
    • Differentiation of parameters/thresholds/evaluation criteria by device type/operating system and device status (stock/jailbroken);
    • Differentiation of parameters, thresholds, and evaluation criteria by app type/properties (app permissions, app communication protocols, presence of multiple redirects, etc.);
    • Differentiation of parameters, thresholds, and evaluation criteria by user (population or content of collected user information, presence of inconsistent user parameters)

Invalid Traffic (IVT) Risk Assessment

mrc-mobile-app-invalid-traffic-ivt-sivt-risk-assessment-1

What is a risk assessment?

A risk assessment is simply the process of identifying and evaluating the potential hazards that could negatively impact an organization's ability to conduct business. These assessments are designed to identify inherent business risks and provide measures, processes, and controls to reduce the impact of these risks to business operations.

Read our blog for more information on risk assessment.

Business Partner Qualification (BPQ)

mrc-mobile-app-invalid-traffic-ivt-sivt-business-partner-qualification-1

What is business partner qualification (BPQ)?

Business partner qualification is the process by which an entity works to verify the identity, stature, and legitimate intent of the respective entity (or individual) in which they are engaging with. This process is designed to protect the entity from the potential business and operational risks associated to doing business with a party of ill intent; most notably as it pertains to the digital advertising ecosystem, those attempting to perpetuate ad fraud.

Read our blog for more information on business partner qualification (BPQ).

Additional Parameters and Heuristics across SIVT detection solutions

SIVT detection and filtration techniques, by design, incorporate various parameters, thresholds, and evaluation criteria in identifying invalid traffic. Pertaining to the parameters and heuristics considered with respect to SIVT techniques employed in mobile in-app environments, the MRC interim guidance states the following:

“Measurement vendors applying SIVT detection and filtration techniques must consider mobile applications discreetly in setting parameters or determining heuristics used should they represent a material portion of measured and filtered traffic.”

These additional considerations, as broken down in the executive summary above, are intended to address the major differences in the evaluation of mobile in-app traffic (on the basis of IVT/SIVT).

Additional consideration regarding General Invalid Traffic (‘GIVT’) within Mobile In-App

The MRC mobile in-app SIVT interim guidance also explicitly addresses measurement vendors’ responsibility to apply a similar level of discernment and rigor in evaluating General Invalid Traffic (“GIVT”) within mobile in-app environments. While many GIVT techniques are parameter- or list-based, such procedures are required to be evaluated and assessed by the service on the basis of the coverage on a discrete application level. The MRC interim guidance also encourages the development of incremental procedures to address any coverage gaps identified, especially in situations where mobile in-app constitutes a material portion of measured and filtered traffic.

Popular Posts

MRC Definitions for Invalid Traffic: SIVT and GIVT

Pixalate unveils the list of sites secretly mining for cr...

MRC Viewability Standards: What It All Means

Pixalate uncovers apparent example of sophisticated mobil...