a man sitting in front of his computer seeing the word  app-ads.txt printed on the screen.

App-ads.txt, developed by the Interactive Advertising Bureau (IAB), combats ad fraud in mobile app advertising. It builds on the ads.txt protocol initially created for web publishers, extending its functionality to mobile apps. The primary purpose of app-ads.txt is to enable app developers to declare authorized digital sellers, fostering transparency and trust.

Ad fraud, such as domain spoofing and unauthorized reselling, causes significant financial losses and disrupts the ecosystem. App-ads.txt addresses this by allowing developers to list authorized ad tech companies. Advertisers can verify legitimate impressions, ensuring secure transactions.

Implementing app-ads.txt is simple.

Developers create a plain text file, host it on their website, and list authorized sellers. Demand-side platforms (DSPs) use this file to validate purchases, reducing fraud risks.

To create the file, developers specify the advertising system domain, publisher ID, and relationship type. For instance, authorizing Google involves adding:
google.com, pub-0000000000000000, DIRECT

This entry indicates Google is directly authorized

to sell the developer’s inventory. Multiple entries can identify other approved sellers.

For example, FunGames Ltd.’s app-ads.txt file could include:
google.com, pub-1234567890123456, DIRECT
rubiconproject.com, 9876543210, RESELLER

Here, Google directly sells inventory, while Rubicon Project resells it. This clarity ensures advertisers know legitimate trading entities.

App-ads.txt offers significant benefits.

Developers gain better control over inventory, protecting brand integrity and revenue. Advertisers enjoy greater transparency, fostering confidence in ad purchases. Together, these efforts reduce fraud and strengthen the advertising ecosystem.

app-ads.txt adoption is expected to grow

With continued updates from IAB, the protocol enhances security and addresses emerging challenges. Broad industry adoption ensures a transparent and fraud-free advertising landscape.

Here are the top 3 security applications

that can help protect your server and website from vulnerable files like app-ads.txt:

  1. ModSecurity: An open-source web application firewall that helps protect websites from various types of attacks. You can learn more about it here: https://modsecurity.org/. ModSecurity can actively detect and block suspicious requests targeting vulnerable files, such as app-ads.txt, by proper configuration.
  2. Fail2Ban: A intrusion prevention software that scans log files and bans IP addresses that show suspicious behavior. You can learn more about it here: https://www.fail2ban.org/. Fail2Ban monitors web server logs and bans IP addresses attempting to access vulnerable files, such as app-ads.txt.
  3. CSF (ConfigServer Security & Firewall): A stateful inspection firewall, login/intrusion detection and security application for Linux servers. You can learn more about it here: https://configserver.com/cp/csf.html. CSF blocks IP addresses attempting to access vulnerable files, like app-ads.txt, while offering additional server security features.

You can configure each application to meet specific needs, ensuring robust security for both your server and website.