Skip to content
EXECUTIVE BRIEF HOW AI-POWERED AD FRAUD REACHED A TIPPING POINT IN 2025 Learn More
NEW PRODUCT ANURA IPDB™ - REAL TIME FRAUD IP INTELLIGENCE Learn More
NEW ANURA STOPS AI-ASSISTED SIVT THREAT Learn More
RESOURCE INVALID TRAFFIC CALCULATOR Calculate Your Savings
RESOURCE ULTIMATE GUIDE TO AD FRAUD Get It Now
TAKE ACTION AUDIT YOUR TRAFFIC Audit Traffic Now
Have Questions? 888-337-0641
5 min read

Is Google Chrome Inadvertently Protecting Fraudulent Activity?

Phone-lock-screen-privacy-settings-concept

Online data privacy is an enormous (and complicated) issue. User privacy tools help protect regular website visitors from having their data tracked, taken, and used against them. Some consumers and advocacy groups have pushed hard for increased privacy protection online. However, privacy tools have often been co-opted for fraudulent activity by criminals.

Entire industries, such as the virtual private network (VPN) industry, have sprung up in response to privacy and data security concerns. But VPNs are often used to obfuscate ad fraud schemes and make it easier for invalid traffic from bots to go undetected.

Stop wasting time and money chasing refunds and bad traffic. Instantly block  repetitive fraud.

Is Google making changes?

Recently, news articles started talking about Google making a major change to user privacy called the “Privacy Sandbox.” The basic intent of the change is to enhance privacy for Android device users .

While consumers will likely appreciate the intent of the Privacy Sandbox, marketers may (and should) be less sanguine about implications of these changes. Why? Because there’s a risk that the new privacy settings will not only negatively impact ad targeting, but will give fraudsters a chance to perpetuate their schemes more easily.

Let’s discuss some of the changes Google is making to user privacy, how they might inadvertently affect fraudulent activity targeting your marketing, and what you can do to protect your business.

How Is Google Changing User Privacy?

In February of 2022, Google announced a new “Privacy Sandbox” tool for Android that phases out third-party cookies online and eliminates “cross-app identifiers” such as Advertising ID while also limiting data sharing to third parties.

Google also wants to change how user agent (i.e. software acting on behalf of a user, like a web browser) identification works. As ScientiaMobile put it: “If things end up going according to Google’s plans, though, a partial freeze of the User-Agent will be rolled out on desktop browsers first during 2022… The frozen User-Agent string will no longer reveal the device model, and it will brazenly lie about the version of the browser and operating system.”

With this change, web browsers would make generic “initial” requests to websites instead of ones that are specific to that browser. This would require site owners to “ask” for more information in order to get browser-identifying information—which can prove to be incredibly difficult since there are a bunch of extra hoops to jump through.

This will make it harder for third parties to interact with device users. According to updates from The Chromium Projects, as of June 13, 2022 the phase 4 (of 7) rollout of the reduced user agent (UA) string reference “was enabled for 100% of clients on M101 and above via Finch.” The effect of this particular phase of the change would be to make “the reduced UA string would apply to all page loads on desktop and mobile OSes that do not opt into the reverse Origin Trial.”

A Potential Impact of User Privacy Changes on Advertising Efforts

Google’s new privacy change resembles one made by Apple in 2021. According to an article by Business Insider, Meta (the company behind Facebook) “said it stands to lose $10 billion this year due to the small but impactful change made by Apple.”

To summarize what Apple did: they added an alert to their iPhone devices that allowed users to opt out of allowing apps to track their behaviors across other apps. As Business Insider reported, “over 95% of iPhone users who had downloaded the update were opting out of ad tracking.” Since Meta/Facebook generates most of its revenue using targeted ads and relied on the ability to track activity in other apps to collect the necessary data, it’s easy to see how this change affected their revenue.

In light of Google’s new change, marketers will need to identify new ways to track user activities—possibly through methods that are more complicated and prone to error than the simple user agent string and third-party app tracking data that they previously used.

How Google’s New Privacy Change Could Accidentally Protect Fraudulent Activity

The major problem with any user privacy change is that it can dramatically impact the way that companies handle identity verification. By hiding the user agent string (the OS, the device type, and even the software name), this update makes positively identifying the source of fraudulent activity even harder for the average ad fraud solution.

Why does this make bot detection and fraud prevention harder? As noted by Security Magazine, bot detection solutions “rely heavily on device fingerprinting to analyze device attributes and malicious behavior… the information collected from the device fingerprint has become a major element of the information analytics engines [used] to decide whether traffic is bot or human.”

However, this difficulty shouldn’t be anything too new for ad fraud solution providers. For years, fraudsters have used device spoofing techniques to purposely hide this information from detection to help disguise their illicit activities. Google’s privacy change will just make this easier for the fraudsters.

In addition to incidentally helping to hide bot-based fraud activity, this change to privacy may also make human fraud farms more effective. Normally, a human fraud farm would have to go through the motions of changing their device spoofing settings to conduct fraud. However, with their user agent string data already hidden, the sweatshop workers in these fraud farms can skip that step—saving time and device processing power so they can carry out more fraud per hour.

Unfortunately, many ad fraud solutions simply aren’t sophisticated enough to cope with not being able to accurately track the user agent string information.

This is why you need an ad fraud solution that pulls more data about each website visitor than just the user agent string and one or two other data points that are only useful for tracking the most simplistic of bot-based fraud schemes.

What Marketers Can Do to Protect Their Online Ad Campaigns from Bot Traffic

So, how can you protect your online ad campaigns from bot traffic being hidden by new privacy settings that make it impossible to “fingerprint” the devices used to commit fraud? The same way that marketers have been fighting fraudsters who use device spoofing techniques that existed before this change: by using an ad fraud solution that tracks hundreds of data points about each website visitor to verify their identities and intentions.

Why let fraudsters get away with your company’s money? Stop ad fraud now with a proven, reliable solution that virtually eliminates false positives and is designed to thwart many of the techniques that fraudsters use to hide!

Frequently Asked Questions

Does using ad fraud protection violate any platform policies on Google or Meta?

No. Reputable ad fraud protection solutions are designed to operate within fraud protection platform policies established by Google and Meta. Rather than modifying campaigns or bypassing platform rules, they monitor traffic, identify invalid clicks, and flag suspicious activity using approved integrations and data sources. The best providers prioritize Google Meta fraud tool policies, maintain strong ad fraud tools compliance, and avoid practices that could violate advertising terms of service. When comparing vendors, verify that the platform follows platform TOS fraud detection requirements and uses approved APIs where applicable. Choosing a compliant solution helps advertisers reduce wasted ad spend while remaining aligned with both Google and Meta advertising policies.

How can I tell if an ad fraud protection platform complies with Google and Meta policies?

A trustworthy provider should clearly explain how it collects data, detects invalid traffic, and integrates with advertising platforms. Look for documentation that addresses fraud protection platform policies, outlines adherence to Google Meta fraud tool policies, and demonstrates ongoing ad fraud tools compliance. Reputable vendors avoid interfering with ad delivery or manipulating campaign data, instead providing analytics, monitoring, and fraud detection through approved methods. They should also explain how their technology aligns with platform TOS fraud detection requirements and update their platform as advertising policies evolve. Transparent documentation and clear compliance practices are strong indicators that a solution is built for long-term, policy-safe use.

Can Google or Meta suspend an account for using ad fraud protection?

Using a legitimate ad fraud protection platform alone should not result in account suspension. Google and Meta generally permit tools that analyze traffic quality and identify invalid activity, provided they comply with fraud protection platform policies and do not interfere with platform functionality. The risk comes from using tools that violate Google Meta fraud tool policies, automate prohibited actions, or fail to meet ad fraud tools compliancestandards. Before selecting a provider, confirm that it follows platform TOS fraud detection guidelines and integrates through approved methods. Choosing a reputable solution helps protect your advertising investment while supporting compliance with platform requirements.

If you didn’t find the answer you need, click here to reach out to one of our ad fraud experts

 

See exactly how much you could be losing to ad fraud, Get Traffic Quality Audit.