An analysis of public websites using a custom query language (SPQL) identified ads.txt, app-ads.txt and sellers.json files containing ad account IDs, which revealed that 18 UK public organizations leverage the controversial Chinese adtech vendor Yeahmobi to serve ads on government domains (.gov).
Google blacklisted Yeahmobi’s SDK for malicious activity related to ad fraud and attribution abuse, which suggests that a Chinese ad vendor with a history of questionable practices is collecting unidentified amounts of data from visitors to UK government websites.
How Ad Exchanges Work
In programmatic advertising, user data such as partial IP address, device type, and browser details is collected via Google ad servers and shared with ad exchanges through server-side data sharing.
Ad platforms like Yeahmobi use the data to bid on ad impressions in real-time auctions, and the user sees the winning bidder’s ad. The winning bidder may also get the opportunity to synchronize further data with partners if the user clicks on the ad.
The scanning system used for the analysis covers all publicly accessible websites (clearnet and darkweb) and categorizes the data using a custom query language (SPQL); its “webscan” category contains information from public internet addresses.
To identify government websites (.gov) displaying digital ads, the system analyzes six data types within “webscan” along with an experimental API query that focuses on files commonly used for ad management, such as /ads.txt and /app-ads.txt. For each file, the query records both its presence (boolean) and its unique identifier (SHA-256 hash).
Affected Government Websites:
In the US, the Cybersecurity and Infrastructure Security Agency (CISA) restricts government websites from running ads that benefit private entities. An investigation by Silent Push identified four .gov domains (mcdowellcountywv.gov, fortdeposital.gov, and cohassetpolicema.gov) with ads.txt files indicating potential programmatic ad hosting, all listing Google as the sole vendor.
Despite having no visible advertisements on its pages, another domain (sports.celina-tx.gov) listed a large number of partners in its ads.txt file, and the footer suggests that SportsEngine.com might be in charge of managing this domain.
An investigation identified 18 UK public sector websites that either display ads or have the potential to, including government bodies like Transport for London and councils across England like Derbyshire Dales and Lancashire.
The ads.txt file on these sites indicates Yeahmobi, an ad vendor, as a potential partner for ad serving, suggesting these websites might be considering or already using Yeahmobi’s services for ad management.
The Council Advertising Network (CAN) manages digital ad placements on UK council websites and utilizes ads.txt files to specify authorized ad vendors. These files, like the one on Derbyshire Dales Council’s website, designate CAN’s domain as the manager and grant Yeahmobi (reseller ID: 113772) permission to serve ads and potentially access visitor data.
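An added example, not from the original article or the Silent Push tooling: a small Python audit a site owner could run over their own ads.txt to hash the file, read the manager domain, and flag sellers on a watchlist. The sample file, council.example, can-manager.example and the yeahmobi.com seller domain are assumptions; only the ID 113772 comes from the text above.

```python
import hashlib

# Constructed sample file; only the account ID 113772 is taken from the article.
SAMPLE_ADS_TXT = """\
# ads.txt for council.example (constructed sample)
MANAGERDOMAIN=can-manager.example
google.com, pub-0000000000000000, DIRECT, f08c47fec0942fa0
yeahmobi.com, 113772, RESELLER
 YeahMobi.com , 113772 , reseller   # duplicate with odd spacing and case
not a valid record
"""

WATCHLIST = {"yeahmobi.com"}  # assumed ad-system domain for the vendor


def parse_ads_txt(text):
    """Split a file into seller records, variables and rejected lines."""
    records, variables, rejected = [], {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # comments run to end of line
        if not line:
            continue
        if "=" in line.split(",", 1)[0]:             # variable, e.g. MANAGERDOMAIN=
            key, value = line.split("=", 1)
            variables.setdefault(key.strip().lower(), []).append(value.strip().lower())
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3 or fields[2].upper() not in ("DIRECT", "RESELLER"):
            rejected.append(lineno)                  # malformed: keep for review
            continue
        records.append({"line": lineno, "domain": fields[0].lower(),
                        "account_id": fields[1], "relationship": fields[2].upper(),
                        "cert_authority": fields[3] if len(fields) > 3 else None})
    return records, variables, rejected


def audit(text, watchlist=WATCHLIST):
    """Return the file hash, manager domain(s) and de-duplicated watchlist hits."""
    records, variables, rejected = parse_ads_txt(text)
    flagged = sorted({(r["domain"], r["account_id"], r["relationship"])
                      for r in records if r["domain"] in watchlist})
    return {"sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
            "manager": variables.get("managerdomain", []),
            "flagged": flagged, "rejected_lines": rejected}


if __name__ == "__main__":
    print(audit(SAMPLE_ADS_TXT))
```

Comparing the stored SHA-256 between runs shows when the file has changed and the seller list needs re-reviewing.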