Bots are programmed to act like a human and carry out specific tasks within a retailer’s mobile app, such as buying up all of a limited-edition item. That undermines the experience of legitimate consumers. Here’s what retailers can do about them.

Paul H. Müller, o-founder and chief technology officer, Adjust

Paul H. Müller, co-founder and chief technology officer, Adjust

In today’s competitive world of ecommerce, every retailer’s goal is to make the user experience simple, smooth and safe for customers. And with their speed and convenience, apps provide the ideal framework to do so.

Shopping apps are big business. Research from Apptopia shows that downloads of shopping apps reached 5.70 billion in 2018, up 9.3% over 2017. What’s more, these users stick around: 48% of consumers still use an ecommerce app one month after its initial download, compared to an average retention rate of 43% across verticals.

If one person buys up 40% of the product just to resell it, it’s not a good customer experience for anyone.

However, shopping apps are quickly undermined by a sub-par user experience, whether it’s stolen accounts, not getting the tickets you were expecting for months or limited-editions items that sell out the second of the release. One of the most damaging, but relatively unaddressed threats, is bot fraud.

What is bot fraud?

Contrary to mobile ad fraud, in-app bot fraud does not target an app’s marketing budget—it attacks an app after a user installs it.


Bots are programmed to act like a human and carry out specific in-app events. They are often tailor-made for a single app, making them far more calculated and sophisticated. They’re also almost impossible to detect—mimicking human behavior and acting slowly so as not to raise suspicion.

The issue has flown under many marketers’ radar for years, but as the damage increases, it is becoming more well-known. At this year’s Mobile World Congress conference, James Hilton, global CEO at M&C Saatchi Performance, urged the industry to work together to get the problem under control, observing that hackers “use devious ways to keep pushing and maximizing revenue” through bots and “by spotting them through AI we can be a step ahead.”

How do bots affect ecommerce apps?

Bots affect all apps, everywhere—and ecommerce apps are no exception. There’s a whole host of ways bots can sabotage them, including the following:

Swooping up high-demand products

Today’s exclusive product drops or ticket releases can sell out in a matter of seconds, and it’s often due to bots designed to scalp products in high demand. These can be programmed to swoop up products before legitimate users ever have a chance to click the Buy button. This forces legitimate customers to purchase these items at highly marked-up resale prices, creates a poor shopping experience with the brand, and disincentivizes loyal customers.


These bots aren’t just being used by a select few consumers, either. On the 29th of March, the number one paid-for app on the App Store was the $20 Supbot— “The world’s fastest Supreme bot” —which helps its users get their hands on the latest Supreme drops faster than other shoppers.

It’s an issue which Chris Bossola, founder and CEO of Need Supply Co., knows only too well: “If one person buys up 40% of the product just to resell it, it’s not a good customer experience for anyone,” he said. “And it’s not helpful for us since those people are not reliable customers who provide long-term value.” 

Staging log-in attacks

If brands require users to have accounts, they’ll still have bots trying to gain access.

Bots leverage lists of stolen credentials to hack into user accounts, and once in, they can use these real accounts—along with saved credit card information—to buy products either from the account itself or through credit card skimming.


Skewing analytics metrics

Data forms the basis of any successful ecommerce strategy. But bots can dramatically skew your data—introducing huge spikes in traffic from particular regions, where these bots are programmed, and creating legitimate-looking interest in certain products. If undetected, the data can go on to skew retailers’ feedback loops and retargeting strategies.

All these elements have a direct impact on the user experience, but also force retailers to implement extra steps to protect it. This means they often have to integrate CAPTCHAs and stricter password policies, and with today’s time-constrained consumers looking for as seamless a check-out process as possible, these extra steps could make them abandon their shopping baskets in frustration.

Bots can also create fake reviews to unfairly boost a product’s placement on a website – and the UK government’s Competition and Markets Authority estimated such reviews potentially influence £23bn of UK customer spending every year.

Fighting back

Bot fraud is a relatively unknown problem, which makes it hard for retailers to address. But it’s possible to fight back.


Because bots simulate real human behavior, it’s extremely hard to detect them. The one chance where developers can win is by looking at human behavioral patterns. This includes how humans scroll and tap, when and where they take different actions within the app, even how they hold the device. From there, building a machine-learning model can go on to compare in-app performance and determine which are human, and which are bots.

This is no mean feat to undertake in-house. Working with experts in machine-learning and biometric data will save valuable time and resources, while ensuring close to 100% accuracy. By learning an app’s natural user-flow, retailers can then discern the patterns in behavior that distinguish humans from bots. From there, they can easily weed out the bots and take back control of their app economy.

In a space as competitive as ecommerce, user experience can be make or break. If the user experience falls short, shoppers will turn to another retailer. However, creating a strong, bot-free, in-app experience heightens engagement and loyalty, which will translate to increased loyalty, time spent in-app, and ultimately higher revenue.

Adjust specializes in mobile traffic monitoring, analytics and fraud prevention.