As a prelude to our forthcoming Violations Report, we looked at ad security violations in India 2021. India has become one of the most popular Geolocations for Malvertisers to target. In fact it's in the top 5 GEOs for malvertising detections, sitting in fourth place. All other GEOs targeted are considered Tier 1 countries, with India being the only Tier 3 country in the top 5.

Before we look in more detail at ad security violations detected by AdSecure in 2021, let's first look at some Indian statistics to try to ascertain exactly why Cybercriminals are targeting India.

It’s a massive market

India is the second most populous nation in the world behind China, with a population of 1.38 billion people. India is also one of the biggest online economies and its potential grows every year as more people become connected to the internet. According to Statista, the number of smartphone users in India in 2022 will reach 931.3 million. This also ranks the country as second in the world in terms of active internet users (behind China).

It’s a mobile first GEO

The Indian market should be considered a mobile first GEO. Just like LATAM, most individuals don’t own a personal computer, they get connected to the internet using their smartphones.

More smartphone users are coming

Popular headsets include less expensive models from Readme, Xiaomi and Samsung, and more economically priced handsets are coming because Google has partnered with Indian comms giant Jio to build a cheap, entry-level smartphone that is intended to convert 450m Indians who still use feature phones into smartphone users.

Massive mobile data consumption

India has the highest mobile data consumption rate in the world, at 12GB per user per month. This rate is predicted to double to 25GB by the end of 2025.

Indians spend on average a 5th of their day on their smartphones

According to a report released by Nokia, the average time spent by Indians on smartphones is the second highest in the world. The average user in India has increased their consumption 4 fold since 2020, now spending an average of 4.48 hours a day on their smartphones. So what are they consuming? 55% of Indians consume videos on channels like YouTube, video content sites, video and social media apps, whereas fintech, e-commerce and other kinds of browsing activities make up the remaining 45%.

Android or iOS?

According to Statcounter Android is the most popular mobile operating system in India and held 96% of the market share in 2021, followed by iOS at around 3%. 

AdSecure’s violation detections India 2021

Because such a huge volume of internet users in India are using mobile as their primary browsing device, for this blog post AdSecure examined violations that targeted mobile devices. The data is pulled from 1 January to 31 December 2021, and gives some interesting insights into the types of violations and attacks that malvertisers used in order to exploit mobile internet users in India.

Android versus iOS

Despite Android far outweighing iOS in popularity, iPhones were still heavily targeted by Malvertisers. With Apple devices being of a premium price point compared to cheaper Android handsets, Cybercriminals were definitely expecting a bigger financial gain from more affluent Indians with iPhones.

Top 5 Violations on Mobile 

On both Android and iOS devices, AdSecure detected the following percentage distribution of the top 5 violations in volume during 2021 in India:

#1 Suspicious TLD 39.7%

These are top-level domains frequently used by cybercriminals who are setting up hosts for spam emailing, scams, shady software downloads, malware distribution, botnet operations and "phishing" attacks, or other suspicious content. 

#2 Malicious url 19.9%

Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting users to become victims of scams. Especially in a country with a high mobile data consumption rate like India, many mobile users are tricked into clicking on some malicious URLs that cause monetary loss, theft of private information, or malware installation each day.

#3 Back Button Hijack 16.6%

All mobile users want an easy and fast internet browsing experience. However, many ads contain a script that allows advertisers to manipulate the browser history by inserting one or several pages in the browser history, which would prevent users from going back to the previous page they were coming from. User then have to close the page and look for the original page again, which is definitely not a pleasant browsing experience on mobile.

#4 Permission notification 14.5%

The 4th most popular violation detected in India is Permission notification. For mobile users, it is quite an upsetting experience seeing notifications asking for permission to use your location, camera or contact list etc when they have clicked on an ad. 

#5 Unsafe adult content 9.3%

Though watching adult content on a personal device is not illegal in India, the users would not want to be accidentally exposed to any sexually explicit content on ad creatives or on an ad’s landing page. This is doubly important for the website that is displaying those ads, because the website does not contain any adult content, but unscrupulous advertisers might use this kind of imagery. Or if a user is clicking on a website’s ads if they are in the office or in public places. Therefore, filtering out unsafe and adult content is very important for publishers who want to keep their mobile users happily engaged with their websites.

Malvertising aimed at specifically exploiting end users

Perhaps the worst of all violations for end users are when clicking on a malicious ad exploits, tries to steal personal data or exploit them financially. Below we have listed AdSecure detections that can do the most damage. We looked at which mobile operating system was targeted the most by Cybercriminals in India.

Android was the preferred choice for:

Auto Downloads 93%, are Ads that automatically download a file/executable/application without user interaction

Browser Lockers 99%, use a script that runs in the web browser and its main purpose is to disable any form of action that can close the browser – such as clicking the close button and pressing certain shortcut keys. All attempts to close the browser will result in a warning message box.

Scareware 97%, are Ads claiming that you have a virus and you are in need of antivirus software may, ironically, actually contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft. Scammers often use the names of well-known companies that specialise in computer software to gain your trust. The pop-up advertisements aim to mimic genuine warning alerts generated by computer security software.

Phishing urls 70% Android 30% iPhone, are ad links that lead to a phishing site that tricks users into revealing their personal information (for example, passwords, phone numbers, or credit cards). The content pretends to act, or looks and feels, like a trusted entity — for example, a browser, operating system, bank, or government.

Malware was 50% for each operating system, Malware ads contain malicious code that includes viruses, worms and Trojan horse programs. It is used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.

Cryptomining 98%, was heavily targeted at iPhone users, this is probably because iPhones have much better processing power compared to cheaper Android handsets. Clicking on an ad of this type activates a piece of javascript code to mine different cryptocurrencies directly through the visitor's browser, without the user knowing, basically stealing the users bandwidth and processing power on behalf of the Cybercrimnal.

Conclusion

Many times attackers infect mobile devices by injecting malicious code to steal user's personal information such as phone numbers, contacts, locations, and SMS messages for their personal gains. If your website or ad network has a large volume of Indian mobile traffic, it is imperative that you use an ad security and verification system like AdSecure to protect all internet users across your entire ad serving business.