Buyers often assume that listings in app stores provide the same transparency as web domains. On the web, verification infrastructure is visible and standardized: domains expose ownership signals, developer identity can be traced through metadata, and authorization files make it possible to confirm who is allowed to sell inventory.
Across six platforms where CTV and mobile app inventory originates, ads.txt compliance rates tell that story plainly. On Google Play, 59.8% of apps we crawled have valid ads.txt files. On Roku, that figure drops to 14.1%. In other words, on the web, the gap between the best-performing platform and the worst is clear as day.
App environments operate under a different set of assumptions. The signals buyers rely on to verify this inventory depend entirely on what each platform chooses to expose through its store listings. When those signals are incomplete or absent, the buyer’s ability to validate an environment is significantly weakened.
As advertising spend continues to move into app-based environments, particularly CTV, this issue is becoming more and more pronounced. A significant share of CTV inventory is still bought through direct deals and direct buys, in part because programmatic buying protocols don’t yet provide the same level of assurance buyers are used to on the web. And when buyers can’t reliably trace identifiers back to verifiable infrastructure, they fall back on paths where that trust is established upfront.
Thankfully, the industry already defined what this infrastructure should look like. The question is how consistently it exists across the platforms where app inventory originates.
Why the IAB spec remains relevant
In 2019, IAB Tech Lab introduced the OTT/CTV Store Assigned App Identification Guidelines. Their goal was straightforward: give buyers a reliable way to identify the app where an impression occurred and the developer responsible for it.
Building on these guidelines, DeepSee.io has established a curated set of signals that should appear in app store listings so that verification systems can connect bid requests to actual applications and developers:
- Download counts
- Star ratings
- Rating counts
- Age and content advisory classifications
- Category metadata
- App descriptions
- Developer URL meta-tags
- Bundle ID meta-tags
- Privacy policy availability
When these signals are available, the verification chain becomes easier to follow: a buyer can connect an app identifier in a bid request to a store listing, review the developer behind it, and trace the infrastructure associated with that developer.
The standard did not introduce new technology, however—app stores already maintain this information internally. It simply asked that they consistently make these signals available to the larger programmatic ecosystem.
Five years since, that consistency still varies widely across platforms.
How the major platforms comply (or don’t)
To understand how much of that infrastructure is actually visible, we examined store listings across six major platforms: Google Play, Apple App Store, Amazon Fire TV, Roku, Samsung Smart TV, and LG Smart TV.
Google Play is the only store where all nine signals appear consistently. Buyers reviewing a listing can see the developer information behind an app, inspect its category placement, and access the metadata connecting that app to its broader infrastructure.
Other platforms expose more partial views.
Apple’s App Store, the largest platform in the dataset with roughly 1.37 million apps, does not provide developer URL meta-tags or bundle ID meta-tags in its listings. Those fields normally allow verification systems to connect an app to developer-controlled infrastructure.
Amazon Fire TV listings include many core signals but omit category metadata and age classifications, which limits visibility into the environments where inventory appears.
Roku performs relatively well among CTV-native stores. Listings include developer metadata and several of the signals buyers rely on when evaluating inventory.
The situation changes quickly on other smart TV platforms. Samsung Smart TV listings are missing five of the nine signals measured in the audit. Rating counts, age advisories, and privacy policy signals are absent. LG Smart TV listings are missing four signals, including privacy policy requirements entirely.
When store listings omit this much infrastructure, buyers lose the ability to independently confirm the developer behind an app or the context where inventory runs. The identifier may exist in the bid request, but the metadata needed to validate the environment behind it may not.
How platforms, developers, and buyers can close the gap
Avoiding these consequences requires action from the whole ecosystem.
Platforms need to:
- Expose developer URL and bundle ID meta-tags through store listings
- Require privacy policy URLs for all apps, and provide a structured way for buyers to identify those URLs (ex: a standard “Privacy Policy” clickable link, as appear in most marketplaces)
- Ensure category and age classification metadata remain visible
Developers can help by:
- Hosting privacy policies and developer websites on first-party domains
- Maintaining accurate store metadata tied to their developer identity
And buyers should:
- Verify that bundle IDs resolve to active store listings
- Confirm developer domains before scaling spend in new environments
- Apply greater scrutiny to inventory from platforms where verification signals are limited
These steps won’t eliminate verification risk entirely, but they will make it easier to distinguish inventory that can be independently validated from inventory that cannot.
Observing the verification blind spot
App stores sit at the center of the verification chain for programmatic app and CTV inventory.
When listings expose developer metadata, identifiers, and compliance signals, buyers can connect impressions to the environments where they originate.
When those signals disappear, verification becomes far less certain.
We cover all of this and more in our latest report, The App Environment Verification Blind Spot, which examines how this infrastructure varies across the largest app platforms and where those gaps appear most frequently.
DeepSee.io also now surfaces app-level compliance signals for mobile and CTV apps — including ads.txt status, developer URL trust, and privacy policy infrastructure — using the same signal structure that’s so effective on the web. See how it works in the portal.
