Mobile Redirects

What they are, how we (mostly) stop them, and yup - we hate them too.

Eric Hochberger avatar
Written by Eric Hochberger
Updated over a week ago

First, let's define what we consider a mobile redirect:  

These are malicious ads that redirect a user away from your site to pages such as the app store or to a giveaway page for a free phone, gift card, etc. They hijack your user's web browser and take them away from your page and directly to the advertiser's page without a user clicking.

So why don't we just disable them entirely?

Oh, if only they were an easy way. These ads are typically submitted to the exchanges as quality ads that will be approved by auditors doing quality checks. But then later, are edited to sneak in their redirect code. 

There's definitely no category such as "evil redirecting ads" that we can block.

So why do the exchanges not stop this?

Exchanges are constantly working to block them, but like any good scammer, they find a way around it. This is why you see them coming in waves. A spammer comes up with a loophole, it runs, it's caught and then it gets blocked.

How bad is this problem?

Despite what you may be hearing from readers, this is definitely the case of the vocal minority. Far less than a fraction of a percent of readers will ever see one of these.

So what are we currently doing to fight this?

We use a two pronged approach.

First, we raise auction floors.

The idea being that legitimate advertisers are typically more willing to spend more money than spammers. While this has GREATLY reduced the number of low quality ads, it's not a 100% solution and some bad eggs have still snuck through.

Sandboxed SafeFrames

While still not a 100%, it's the 99.999% solution and it's known as the combination of a cross-domain "IAB SafeFrame" with the HTML5 sandbox attribute enabled. These SafeFrames help limit the damage an ad can due to your page by putting it inside a "safe" or a "sandboxed" frame that has limited access to your page. Hence the clever name.

The idea with these ads is that they won't be able to change the URL of the current page, preventing a redirect. Clicked ads will only be able to open up in new windows or tabs, and they prevent ads from inserting malicious code on your page outside of their sandbox. This, in theory, should prevent all mobile redirects.

However, there's still always some clever people that will find a way around these and there are third party native partners of ours that are still not SafeFrame compatible. However, know that out of the billions of advertisements that serve across Mediavine, we get almost no complaints of these. That's come a long way from before we implemented SafeFrames and increased auction floors.

Did this answer your question?