Ad fraud tutorial series: What is click injection?

Digital ad fraud, including click injection, is a growing challenge for mobile app marketers.

Fraudsters are constantly developing new methodologies to deliver fake installs. This series of posts is designed to help app marketers understand the key methodologies for perpetrating mobile ad fraud and how they can detect and defend their businesses against bad actors that would steal digital advertising investment from their brand.

The good news: Singular’s best-in-industry fraud detection suite can catch and eliminate click injection fraud. And we integrate with the Google Play referrer API to make this — and other types of fraud — much harder for the bad guys.

This post is about the challenges that arise from fraudster use of click injection, which is similar to click spamming but not identical.

What is click injection?

The traffic flow for an install is a bit more complicated than for other forms of desirable digital advertising actions. With an install, there are extra steps that need to be considered — steps which provide an opportunity for app ad fraud.

Here’s a brief synopsis of the process in five discrete steps.

1. A user sees an ad and clicks on it, and is redirected to an app store (either Apple App Store or Google Play.) The ad network records the click and sends information about the time the click occurred to the attribution platform.
2. The user downloads the app and installs it on their device
3. The user must then launch the app in order for the install to register with the attribution provider.
4. When the attribution provider receives the signal of an install, it then examines all of the ad signals it has received from ad networks to determine which network(s) deserve credit for that install. In most cases, credit for the install is awarded to the advertiser that delivered the last click before an install.
5. If no clicks have been registered, then the install is counted as an organic install, and no credit is awarded to an advertiser.

Note: with self-attribution media sources, there’s an additional step, but it is not relevant to understanding click injection.

While sometimes apps are launched immediately after an install, in other cases there is a delay of minutes, hours or days. This delay provides fraudulent actors with the opportunity to claim credit for an install even though they actually did not drive it.

Innocuous-looking fraud apps

The trick they use to do this is to encourage users to download and install a seemingly innocuous free app. For example, a flashlight or toolbar app. The app can function as advertised, but its real purpose is to perpetrate click injection fraud.

Often such mobile apps originate in third-party Android app stores.

It does this by listening for an “install broadcast” — a signal that an app has been launched for the first time on a device. The signal can include a campaign id, and the attribution provider uses this to determine which media source drove the last click.

When the install broadcast is sent, the app goes into action, informing the attribution provider that they just registered an ad click for the campaign, even though no click has taken place. By timing the fraudulent click to the moment of install, the fraudster ensures that it is the “last click” — it will get credit for the install when the app is actually launched for the first time.

An android phenomenon

Click injection is a type of ad fraud unique to Android, because only Android sends install broadcast messages to the apps on a user’s device at the moment of first launch. That broadcast is necessary to alert the fraudulent app to send a click signal to the attribution provider.

How click injection hurts your data

The clicks that these fraudulent app claim to have occurred never actually occurred. Instead, they falsely claim credit for installs driven by other ad networks. Thus they can significantly distort attributions and through them budget allocations.

Detecting click injection

The primary way that companies detect possibly injected clicks by examining the timing of the reported click versus the first launch. With click injection, the timings are likely very close to one another. With other installs, the timings tend to take place farther apart, and follow a fairly consistent distribution. This pattern recognition is an important part of how companies detect and prevent ad fraud.

Defending your business against all forms of ad fraud

Click injection is one of the many ways that app businesses can be affected by ad fraud. Here are a few strategies to help you detect ad fraud in a variety of forms, and protect your business from the costs of ad fraud.

• Anti-fraud tools: Some attribution and analytics suites offer tools to help marketers identify and prevent ad fraud. Singular, for example, automatically offers many protections. Such tools often use signals like IP addresses, click and install pattern detection, and activity monitoring to pinpoint campaigns, partners and buying models that are driving suspicious app installs.
• Common sense: A deal that sounds too good to be true is likely to result in low-quality app installs. Marketers must constantly resist the temptation to sign up for media deals that sound too good to be true.
• Focusing resources on trusted partners: Most brands spend a great deal of money on installs. It makes sense, then, to focus dollars on partners that you know and trust.
• Leveraging retention and uninstall data: By comparing the set of user traffic attracted by different media companies, brands can learn a lot about user quality. Low user retention or high uninstall rates increasingly are seen as signals of possible fraudulent activity.
• Use ROI analytics as a primary KPI: When app publishers measure and optimize to ROI, you get both a true picture of the value of the user traffic that you are driving, and a powerful way to optimize your digital advertising investments.

Even a cursory review of this list reveals that seriously addressing ad fraud on your own, including click injection, requires a significant investment of time and money. That’s one of the reasons why companies look to their attribution and analytics providers to carry much of the water. Fortunately, Singular clients are protected from many of the costs and hassles of ad fraud with an unsurpassed set of fraud detection and prevention capabilities.

Singular and ad fraud

Singular offers an industry-leading fraud solutions that you can learn more about right here. For a capsule summary of some of the steps we take to detect and prevent ad fraud for our clients, read on.

With Singular, app publishers have visibility into ad performance, media investment, and revenue data. That provides unique advantages in detecting and protecting clients from fraud.