In our last post on digital ad fraud we talked about the percentages of fraudulent ad traffic and broke it down by browser. We found that a majority of ad traffic - in both desktop and mobile channels - came through Chrome browsers and 14% of that traffic was fraudulent. In this report we dug into ad traffic by operating system (OS) to see which desktop and mobile systems are the riskiest when it comes to ad fraud.
Download a copy of this report.
A PDF of our Ad Fraud: Operating Systems Report for October 2018 is provided in the link below.
These results stem from the analysis of digital ad traffic from September and October 2018. Our pixel-based technology regularly monitors data from over 640 million unique users, 1.2 billion unique devices, and 12 million URLs monthly. We map the latest devices, locations, bots, behaviors, and hacking tactics that are being used by digital fraudsters. The fraudulent percentages reported here represent ad traffic determined to be generated by malware, bots, compromised devices, and other nefarious means, rendering it fraudulent. We previously reported that globally, 18% of desktop ad traffic is fraudulent and 10% of mobile ad traffic is fraudulent.
Desktop Ad Traffic by OS
Let's start with desktop ad traffic and what operating systems we're seeing most. The largest volume of desktop ad traffic (46%) came from the Windows 10 OS, followed by 31% from Windows 7, and then 7% from Windows 8.1. Over 95% of traffic came from ten desktop operating systems. Here's the breakdown:
Looking at these ten desktop operating systems, we found that 15% of ad traffic from Windows 10 - the OS with the most volume - was fraudulent. Linux had the highest percentage of fraudulent desktop traffic at 23%, followed by Windows 8 at 22%, and Windows 7 at 19%. Here's the breakdown of fraudulent ad traffic by operating system:
We then combined data from all observed versions of Windows operating systems (9 different versions) and Mac operating systems (30 different versions) and found that 88% of desktop traffic was from Windows OS and 9% was from Mac OS:
We looked at the percentage of ad fraud from these two groups of operating systems and found that 17% of ad traffic from Windows desktop operating systems was fraudulent and 7% of ad traffic from Mac desktop operating systems was fraudulent:
Mobile Ad Traffic by OS
Looking now to mobile ad traffic, the largest volume (21%) came from the iPhone 11.4.1 OS, followed by 18% from Android 8.0.0, and then 17% from Android 7.0. Over 90% of mobile ad traffic came from 13 operating systems. Here's the breakdown:
Looking at the two most popular mobile operating systems, we found that 8.1% of ad traffic from the iPhone 11.4.1 OS was fraudulent and 7.6% of ad traffic from the Android 8.0.0 OS was fraudulent. Of the 13 mobile operating systems with the greatest volume of ad traffic, we found that Android 6.0 had the highest percentage of fraudulent traffic at 13%, followed by Android 5.1 at 12.8%, and Android 6.0.1 at 11.1%. Here's the breakdown of fraudulent ad traffic by mobile operating system:
Combining all versions of the Android (18 different versions observed) and iPhone (28 different versions observed) operating systems, we found that 62% of mobile ad traffic was from Android operating systems and 37% was from iPhone operating systems:
We looked at the percentage of ad fraud from these two groups of mobile operating systems and found that 10% of ad traffic from Android operating systems was fraudulent and 9% of ad traffic from iPhone operating systems was fraudulent:
Our take on this data.
- With 88% of desktop ad traffic coming from Windows operating systems, fraudsters are taking advantage: From a fraudster's perspective, it makes the most sense to take advantage of vulnerabilities in the most widely used operating systems because malware can then be spread to more devices resulting in a larger botnet to be used for nefarious reasons, including ad fraud.
- Fraudsters are taking advantage of Windows vulnerabilities, but Macs are not completely safe either: Apple's Mac operating systems have in the past been generally thought of as more secure and less vulnerable to malware and viruses, and our data seemingly backs this up: Overall, 7% of desktop ad traffic from Mac operating systems was fraudulent compared to Windows' 17%. Mac users shouldn't be lulled into a false sense of security though - the 7% shows that the desktop devices are being exploited by fraudsters, just not on the same scale as Windows devices.
- Older operating systems tend to be more vulnerable: While 15% of ad traffic from the Windows 10 OS was fraudulent, older versions of the operating system (e.g., Windows 8 and Windows 7) had even higher amounts (22% and 19% respectively). This was also evident with mobile operating systems - newer systems (e.g., iPhone 12.0 and Android 8.0.0) had the lowest percentages of fraudulent mobile ad traffic (7% and 8% respectively) while older systems (e.g., Android 6.0 and Android 5.1) had 13% and 12.8% respectively. The longer a system is around, the more known vulnerabilities there are, which fraudsters can then take advantage of.
- Ad fraud is more evenly distributed in the mobile landscape: While older versions of mobile operating systems tended to have higher percentages of fraudulent ad traffic, there is only a 1.2% difference in the percentages of ad fraud in all versions of iPhone OS versus the Android OS.