ShieldSquare is now Radware Bot Manager

ShieldSquare is now Radware Bot Manager

Bid-Sniping Bots Are Hurting On-Demand Workers by Grabbing Lucrative Tasks

August 20, 2020 | Automated Threats News & Events

Bot Users Are Abusing Gig Economy Apps

Changing economic conditions, layoffs, and the rise of the mobile app economy ─ boosted by consumers wanting to save time and effort by using on-demand services ─ have spurred the growth of what is being called the ‘gig economy’. Now, anyone with a smartphone and a vehicle, along with some spare time and a desire to boost one’s income, can become a part-time or even a full-time worker, delivering goods and services that consumers order through apps and websites.

Gallup estimates that 36% of US workers now have primary or secondary jobs in the gig economy. Millions of people around the world are resorting to working as freelancers or as independent contractors, driving Uber and Lyft users to their destinations, delivering food and groceries for companies such as Instacart and Grubhub, and carrying out deliveries for Amazon’s Flex program.

Apart from physical work, there has also been steep growth in the online freelance and crowdsourced services industry. Companies such as Clickworker provide outsourced services such as proofreading,conducting surveys, application testing, and text labeling, among other kinds of work. Amazon’s Mechanical Turk is used by many technology-enabled users to get freelance work assignments such as data entry and even CAPTCHA-solving. The ongoing Covid-19 pandemic has forced large sections of the workforce to work from home, which, combined with companies across key industries laying off millions of employees (or even closing down), has hugely increased the demand for home-delivered food, groceries, consumers goods and other essentials across the world.

Clearly, the on-demand services industry is booming. This has boosted the fortunes of companies such as Instacart, GrubHub, DoorDash, Shipt and several other new players in the rapidly-growing on-demand services industry. These companies undertake to get customers’ grocery shopping and other tasks (such as picking up your dry cleaning) done and delivered, usually by their network of freelance workers who apply for task assignments through their portals. Not surprisingly, Instacart has reported a five-fold increase in business this year ─ and its network of shoppers now numbers half a million. DoorDash, GrubHub, Uber Eats and other players have also rushed to augment their workforce to handle the explosive demand for their services.

How do these on-demand services work?

Among the biggest on-demand service providers are Instacart, DoorDash, GrubHub, and Shipt, which outsource tasks to their registered workers through their mobile applications. Freelancers can view and accept tasks on a first-come, first-get basis. Since larger grocery or delivery orders are more lucrative for workers on these platforms, there is fierce competition to snap up big orders to fulfil. This is why some Instacart shoppers are resorting to using bots to grab tasks by buying third-party applications such as Ninja Shopper and SuShopper through the Dark Web. These apps, which are generally prohibited by the terms of service at most on-demand services firms, leverage bots to quickly grab tasks before other workers even get a chance to see them. Such cheater bots, running along with applications such as Instacart or DoorDash on a shopper’s smartphone, are designed to quickly click on large new batches of grocery orders, thereby giving their users more opportunities to earn money.

This activity is a variation on the OWASP automated threat known as ‘Sniping’ ─ but instead of being the last-minute bidder for an item, bots are trying to be the first bidders on batches of freelance work. Bid-sniping is now widespread across gig-economy jobs, as millions of laid-off or underemployed workers frantically tap the ‘Refresh’ button on their apps every few seconds, hoping to snatch large orders or those that involve shorter driving distances, or the potential to earn users bigger tips.

The backlash against bid-sniping bots

Naturally, such tactics have not gone down well with the freelance workforce, which relies on on-demand services to earn their living or to supplement their income. As one of the largest and fastest-growing players in its industry, Instacart is facing increasing criticism in the way its platform is being gamed by bot users who corner lucrative work. Over 10,000 individuals have signed a petition on Change.org, asking Instacart to put an end to this automated bid sniping by shoppers. As of now, Instacart claims to have banned shoppers who use bots to grab deliveries and has attempted to shut down websites used by bot developers who violate Instacart’s terms of service. However, for every sniping app like Ninja Shopper and SuShopper that gets shut down or prevented from accessing gig economy tasks, another app quickly fills the vacuum, as they usually earn their developers hundreds of dollars from buyers looking for more lucrative work.

Though competition is healthy, freelancers and contract workers do not always expect to get a chance to get the best-paying assignments. However, freelancers who use bots to game the bidding systems in on-demand services apps are clearly being unethical, even if there are no laws specifically banning such tactics. Moreover, the growing anger and frustration amongst gig economy service providers will eventually come to a boil, and companies that do not effectively address their problems may end up alienating their workforce and even some of their customers.

Enterprises that require freelance workers to bid on jobs would be well advised to implement a dedicated bot management solution, which could put an end to the practice of automated task sniping. Preventing bots from cheating in on-demand services apps would ensure fair competition between workers and restore their confidence in the companies they are increasingly relying on to earn a living. It would also boost their public reputations as good companies to work for and do business with.


Tags: , , ,

Subscribe to Radware Research and Blog
Thank you for subscribing
Thanks. Sent confirmation email.

Related Content

July 3, 2020
Protecting E-commerce Firms from Credential Stuffing and Credential Cracking
January 30, 2020
Bot Management for Online Gaming Protects Players and Businesses
July 2, 2019
C-Suite Survey Shows Growing Awareness of the Impact of Bot Attacks

Step Up and Take Action

Powered by Think201