If there was ever a phenomenon guaranteed to leave you questioning the utter futility of human existence, it would be the cellphone click bot farm.

Peeking through the looking glass of the internet, you can clearly see the bottom of the barrel, where hardworking bot farmers tend their flock of cellphones day and night, sowing the fields with likes, views – and unfortunately, click fraud.

You’d laugh if it wasn’t so sad – and hazardous to your ads.

In this article, we delve into the murky origins of cell phone bot farming. We’ll explore the advances in bot technology that made it possible, and we’ll look at the best way to keep these characters out of your Google Ads.

What Is a Cell Phone Bot Farm?

We should clarify the terminology. Click farms, bot farms, and botnets all refer to specific practices which can be combined to provide a range of services that would honestly have no place in a sane world.

Let’s start off with some basic definitions of some of these key terms.

Click Farm – An organized group of people who can be hired to generate traffic and interactions on the internet.

Bot Farm – Providing the same service as a click farm, a bot farm uses less people by relying on bots (software that can be used to complete functions automatically with minimal human assistance).

Bot Net – a sophisticated piece of malware that infects devices when they visit a fraudulent website. Each infected device becomes part of a botnet, controlled remotely by the botnet owner.

Botnets are expensive to build – and unless you’ve got consent from each device owner (unlikely) botnets are definitely illegal.

Think of these three approaches as business models. The farmer chooses a model based on the standard factors which affect any business – scale, market, and local labor conditions. The different models are often used in combination, or to provide different levels of service.

For example, a large, established farm may use humans for more complex tasks and charge more for these services, whilst offering basic bot farm services for simpler tasks that can be easily automated.

Alternatively, a cell phone bot farm can be set up and run by a single person, with minimal investment, at maximum efficiency. This is an easy way in for anyone who wants to dabble in bot farming as a side hustle (more on this later).

Cell phones are used as a cheap and fairly reliable way to spread bot activity across multiple devices. Multiple devices can be simulated from within one powerful computer, but this is difficult to do, and often less cost-effective than using lots of cell phones which can be bought for a few dollars each.

What Services Can a Cell Phone Bot Farm Provide?

Services typically offered by cell phone bot farmers include;

  • Adding followers, likes, and comments on social media accounts and websites
  • Creating backlinks to boost the authority and SERP rankings of a website
  • Generating website traffic
  • Disinformation campaigns and internet ‘trolling’.

Most of the time, click farms and cell phone bot farms are engaged in activity that’s perfectly legal. Adding likes to Facebook business pages and racking up views on monetized streaming platforms like YouTube and Twitch – these bot farm services are unavoidably popular, as users attempt to game the systems for profit and social proof.

There’s no legal consequence for actions like this – even though it’s cynical and manipulative, and further proof (if proof were needed) of Goodhart’s Law

But no judicial system in the world is ready to punish citizens for ‘liking’ something (officially).

It’s also the perfect cover for criminal activity. A cell phone bot farm can carry out click fraud just as easily as any of its other activities, without risk of consequences.

The Dark Side of the Bot  

A bot is a piece of code script that carries out a function. If the function is something really simple, you could build it yourself – there’s thousands of tutorials like this one, showing you how to build a basic chatbot that replies to messages using a stock response. With only the haziest understanding of JavaScript, you can quickly learn to create bots to automate all kinds of processes.

Of course, you don’t need to build anything if you don’t want to. Bot services are widely available, and the commercial bot industry is projected to be worth $7.8 bn by 2030.

But the commercial face of the bot industry, which deals primarily in customer service applications and chatbots, hides a deeper truth. Over half of global internet traffic is now thought to be non-human in origin. 

Not all bot traffic is evil, for sure – but a large part of it serves no one other than those who actually profit from shady businesses (such as bot farms, for example.)

‘Users’ – i.e. website visitors, social media profiles, views on streamed videos – have been found to be bots at least 50% of the time, with less than half of that number believed to be carrying out legitimate useful services, like search engine crawlers indexing the web.

And the rest? Let’s just say most of these aren’t the kind of bots you’re going to build yourself after a 2-minute YouTube tutorial.

But how did we get here?

the evolution of botnets

Bots: A (R)evolution

The rise of the cell phone bot farm is best understood in generations.

First-generation bots are basic scripts that transmit data. They can be easily distinguished because, unlike the web browser that a real visitor would use, they can’t store cookies or independently execute JavaScript.

They’re used primarily for web scraping activities (often hidden within legitimate scraping tools) or form spam. They tend to make thousands of visits from a single IP address, which can easily be blocked.

Nowadays, first-gen bots are more of a nuisance than a threat – their inability to respond to JavaScript commands led to the inclusion of JavaScript challenges as a basic security measure.

Second-generation bots got around the two main indicators of first- gen bot activity (cookie storage and JavaScript) by using headless browsers as a vehicle.

Headless browsers are web development and testing tools that have all the normal functions of a browser but don’t contain the ‘head’ code responsible for displaying the user interface. So if you’re running a headless browser, like PhantomJS or SimpleBrowser, there’s nothing to see. Chrome and Firefox can also be run in headless mode.

As well as scraping and form spam, second- gen bots can be used for application DDoS attacks (where a DDoS attack is targeted within a specific app) and ad fraud.

They’re still fairly easy to detect, due to specific JavaScript variables and session length metrics. When their ‘behavior’ is measured against typical user behavior, they’re easy to identify and block. They can also be spotted by reading their browser’s ‘fingerprint’ (a comprehensive set of data exchanged in JavaScript between their browser and the visited site).

Third-generation bots gave botmasters the ability to use fully functional browsers as a bot delivery method. This game-changing technological leap put bots in the hands of non-experts for the first time, and homegrown cell phone bot farming was born.

Third-gen bots also saw the introduction of simulated human behavior, and basic ‘human interaction’ patterns such as mouse movements and keystrokes could now be programmed as bot functions, making these bots harder to detect.

Third-gen bots are often used for account takeovers, API abuse, application DDoS, and ad fraud.

It’s much harder to detect Third-gen bots based on device or browser characteristics. However, depending on the bot’s purpose, it’s usually possible to detect programmatic patterns through behavioral analysis. For example, a third-gen bot will access the pages of a website in the same order, for the same length of time on every visit, which becomes apparent after a couple of visits.

For bedroom cell phone bot farmers trying to scrape together additional income, there’s a number of commercially available third-gen bots they can use to replicate human behaviors, such as FRep, which (at the time of writing) can still be purchased through the Google Play Store.

Fourth-generation bots provide a much more sophisticated pattern of mimicked human behavior, including randomized mouse movements and page visit durations. They also carry out ‘behavior hijacking’, combining machine learning with malware and botnets. This allows them to record and learn from genuine human interactions with a website or app via an infected device.

Fourth-gen bots are used primarily for account takeovers, API abuse, ad fraud, and application DDoS. They tend to be distributed widely across thousands of IP addresses, generating lower levels of interaction to help evade detection. Using 4th generation bots in this way isn’t an option for most bedroom cell phone bot farmers, who don’t usually have enough IP addresses to work with.

Successful mitigation of Fourth-gen bots is made trickier by the increased likelihood of ‘false positives’ – when bot behavior is so closely modeled on human behavior, it’s easy to find yourself jumping at shadows, and excluding any user who demonstrates aberrant or suspicious behavior.

Successful detection and exclusion of these next-level threats requires advanced threat analysis – a hybridized approach where cybersecurity experts use machine learning models to conduct an intensive analysis of the user based on a wide range of behavior and non-behavior-based criteria.

Cell Phone Bot Farm Scandals

Inevitably, cell phone bot farms are more likely to make the news when they’re used for political purposes. Several recent high-profile cases have seemed to provide evidence of bot farms working on behalf of governments.

Earlier this year, the Security Service of Ukraine (SBU) announced the destruction of five Russian bot farms it had found operating in the disputed territories of Kharkiv, Cherkasy, Ternopil, and Zakarpattia.

According to the SBU, the bot farms had “tried to inspire panic among Ukrainian citizens and destabilize the socio-political situation in various regions.”

cell phone bot farm
Source:SBU

More recently Recorded Future, the world’s largest data intelligence company, published research into the Chinese government’s outsourcing of social media disinformation campaigns to a variety of bot farms and click farms.

Techniques included hashtag hijacks, where hashtags used by protesters to rally and unite their efforts were flooded with irrelevant spam, rendering them unusable.

While cases like these (along with the occasional ad fraud bot farm scandal) make the headlines, there’s nothing secretive about the activities of bedroom cell phone bot farmers.

Anyone wanting to start a bot farm need look no further than YouTube, where you can find willing instructors like this guy. For the cost of a few phones, and the time it takes to set up a Discord account, a bot farmer can be operational and merrily clicking away on Twitch streams, Instagram profiles…or your Google Ads.

How to Beat the Bot

Let’s go back to that stat we mentioned earlier. If half of the global internet traffic is thought to be non-human, what chance do we have of assessing whether the opinions we see below the line on news articles are real? How can we tell if a new game is popular or not? And how can businesses know if the traffic they receive from their advertising has any interest in their products and services?

It’s possibly a problem that can’t be solved yet. We need bots. Bots index the web, bots profile businesses, gather useful information, and aid important research. Excluding all non-human traffic would break the internet as we know it.

You can’t battle every bot. But when those bots are in direct conflict with the interests of real people – draining budgets, stealing identities – it’s time to act. And fortunately, there are some very effective solutions.

Cell phone bot farms are part of a specific problem that ClickGUARD is designed to solve. If your Google Ads are being targeted, then our Advanced Threat Analysis systems will take apart every single visitor according to a complex range of behavior and non-behavior-based criteria. We’ll block any visitor who doesn’t have the right to be there.

Read more about how ClickGUARD keeps bots at bay.

Cell Phone Bot Farm FAQs

What is mobile farming?

Mobile farming (also known as phone farming) is a technique used to generate passive income by leveraging the power of your idle smartphone. Basically, you install various apps and leave some of them running in the background on your phone, thereby utilizing its processing power to mine cryptocurrencies, complete tasks (such as clicking on bots), or participate in surveys. This way, you can earn a steady stream of income without having to do too much work… usually at the expense of someone else (like advertisers, in those cases where you become (un)willing the perpetrator of click fraud.)

Are click farms real? 

Yes, click farms are as real as it gets. In fact, they are the engine behind a multi-billion problem: click fraud.  Click fraud is the malicious practice of using scripts or bots to repeatedly click ads, causing them to inflate the advertiser’s costs while not bringing any real return. Click farms are often hired by unscrupulous parties to perform such tasks on their behalf. In some cases, they may even be employed by legitimate companies who don’t realize they’re engaging in a deceptive practice. Click farms are generally located in developing countries, where labor is cheap and wages are low. 

Are click farms profitable? 

Unfortunately, click farms are a very lucrative industry,  even though they are often not the most ethical business. Companies can earn a lot of money by hiring click farms to inflate their ad clicks and artificially boost their profits, while advertisers have to bear the losses as a result. Click u0022farmersu0022 themselves, usually located in developing countries (where opportunities are scarce) are frequently employed for very small wages, making click farms a highly profitable activity for their owners.