Ad fraud 2022: what mobile user acquisition experts need to know

By John Koetsier August 25, 2022

Does mobile ad fraud even matter anymore? 

I’m fascinated by how the discussion around mobile ad fraud has somehow left the building, like a digital Elvis, as our conversations turn to SKAN and privacy and all the challenges of modern marketing measurement. Did mobile ad fraud disappear when Apple introduced App Tracking Transparency? Did the bad guys decide they had enough illicit cash and go lie on a beach in the Caribbean?

Probably not. 

(OK, let me be more direct: certainly not.)

So let’s take a few moments to understand what you need to protect yourself against fraud on Android (just as bad as ever) and iOS (still filled with minefields you need to navigate). And to understand why, if you’re relying on probabilistic attribution via fingerprinting, you’re taking a major, major risk with regard to mobile ad fraud.

Meet the new boss, same as the old boss

Billion-dollar bonanzas from taking credit for clicks, conversions, and installs you didn’t facilitate didn’t just automatically disappear. Fraudsters are still out there, and they’re still gunning for your ad dollars.

And while your best defense might be a keen eye on ROI and ROAS and channels that perform, if someone’s taking credit for another’s success, it might not be immediately obvious on the surface.

That’s why Singular offers over 50 different fraud detection methods, including:

  1. Android install validation
  2. iOS install receipt validation
  3. Android click injection/hijacking protection
  4. Android organic poaching protection
  5. Time-to-install outlier detection
  6. Geo-bleed detection
  7. Hyper-engagement
  8. Blacklisted IPs
  9. Deterministic detection for Android-based device ID reset fraud

Plus, of course, a huge amount of pre-attribution fraud prevention, such as rejection of fraudulent impressions and clicks so marketers and ad partners don’t have to have uncomfortable conversations about billings, and custom rules so marketers can block what they don’t want before it even starts.

That’s all table stakes for competing today, especially on Android. But it’s essential for ensuring your ad dollars do the work you’re intending them to do.

Start with the basics: fraud rules you need to have active

For starters, Singular customer service manager Daniel Camacho says he would definitely recommend starting off with some of the easier fraud rules:

  • Android Organic Poaching Detected
  • iOS Receipt Validation Not Valid
  • Android Click Injection Detected
  • Android Install Validation Not Valid

The validations are basically receipts from Apple and Google indicating an install was validated through their system. They’re not 100% foolproof, but they’re good evidence that an install is real. 

For organic poaching and click injection, it’s relatively simple for Singular to detect something is clearly suspicious. Real people don’t click on multiple ads on multiple publishers, websites, or apps within a minute … why would you click on an ad for the same app you’re already downloading? So these are simple ways to start.

Important note:

If you’re looking at specific partners, however, start these rules by marking installs as suspicious, not as immediately rejected. That way you can run a week’s worth of data and check the results. Does it look and feel right? If so, go ahead and mark them as rejected. Is the overall quantity more than you anticipated, and more than seems right based on your in-app data? Then it’s time for a little more investigation.

The last thing you want to do, Camacho says, is set up your fraud rules to block all suspicious installs and then the next day your install numbers are down 60%. This can happen and literally has. You first want to get more data on activity, so marking installs that don’t pass your rules as suspicious allows you to work from there. This is especially important for apps where click-to-install times can take a while.

Also: check OS and app versions

It’s also basic but you’d be surprised how many high-volume pro mobile marketers aren’t doing it: check the OS and app version for installs.

Example:

Set up your fraud rules to mark installs from excessively old OS versions as suspicious. You don’t have to reject these, but you want to be aware of what’s going on. If you see a spike in installs from an unusually old mobile operating system, that’s a signal to pay attention to. Especially, of course, if it’s largely coming from one single ad partner.

If you see a really fast click-to-install time for these installs, consider flipping that suspicious flag to a rejected one.

Also, check for app versions. 

Most people on both iOS and Android get their apps updated frequently and regularly without having to lift a finger, especially if they’re on the latest version of their particular mobile operating system. Too many installs from older versions of your app is a signal that something might be off: hackers may have grabbed an older version of your app and could be using that in a virtual bot farm.

And, of course, kosher user acquisition campaigns are targeting the latest version of your app, not some version you released last year.
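The OS-version and app-version checks above, combined with the earlier advice to mark installs as suspicious and review the per-partner impact before rejecting anything, can be sketched as follows. This is an added example, not Singular's rule engine: the field names, thresholds, partner names and sample records are all assumptions.

```python
from collections import Counter

# All thresholds are assumptions for illustration; tune them to your own app.
MIN_OS_MAJOR = {"ios": 14, "android": 10}  # older major versions are "excessively old"
MIN_APP_VERSION = (3, 0, 0)                # oldest build current campaigns target
FAST_CTIT_SECONDS = 10                     # "really fast" click-to-install time


def parse_version(text):
    """Turn '7.1' into (7, 1, 0) so versions compare numerically, not as strings."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(install):
    """Return (verdict, reasons) for one install record."""
    reasons = []
    if parse_version(install["os_version"])[0] < MIN_OS_MAJOR[install["platform"]]:
        reasons.append("old_os")
    if parse_version(install["app_version"]) < MIN_APP_VERSION:
        reasons.append("old_app")
    if not reasons:
        return "ok", reasons
    # An old OS combined with a very fast click-to-install time escalates to rejected.
    if "old_os" in reasons and install["ctit_seconds"] < FAST_CTIT_SECONDS:
        return "rejected", reasons + ["fast_ctit"]
    return "suspicious", reasons


def dry_run(installs):
    """Per-partner verdict counts, to review before switching any rule to reject."""
    report = {}
    for install in installs:
        verdict, _ = classify(install)
        report.setdefault(install["partner"], Counter())[verdict] += 1
    return report


# Constructed sample records; partner names are hypothetical.
SAMPLE = [
    {"partner": "net_a", "platform": "android", "os_version": "13", "app_version": "3.4.0", "ctit_seconds": 95},
    {"partner": "net_a", "platform": "android", "os_version": "9", "app_version": "3.4.0", "ctit_seconds": 300},
    {"partner": "net_b", "platform": "android", "os_version": "7.1.2", "app_version": "2.1.0", "ctit_seconds": 4},
    {"partner": "net_b", "platform": "android", "os_version": "8.0", "app_version": "2.1.0", "ctit_seconds": 6},
    {"partner": "net_b", "platform": "ios", "os_version": "16.0", "app_version": "2.9.5", "ctit_seconds": 120},
]

if __name__ == "__main__":
    print({partner: dict(counts) for partner, counts in dry_run(SAMPLE).items()})
```

In the sample, every flagged install with a fast click-to-install time comes from one partner, which is the concentration pattern the text says deserves attention.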

Note: fingerprinting on iOS opens up a significant ad fraud vulnerability

Apple’s ATT and SKAdNetwork contain mechanisms for validating app installs. That doesn’t make them fraud-free, but it does add significant safeguards. However, SKAN does not validate conversions, so that is something to be aware of.

But for those who are bypassing Apple’s guidelines and running probabilistic attribution based on fingerprinting, watch out.

One form of fraud you can expect to encounter is “probabilistic fraud,” says Singular product manager Omri Barak. Fingerprinting is essentially based on IP and OS versions, a combination that is not very distinctive, especially on iOS. It’s actually fairly low-lift for bad guys to create relevant clicks that look right and try to steal the app install attribution.

In fact, it’s much easier than it used to be: you don’t have to create a click with a specific IDFA to get the attribution. 

One case we saw with a new client in doing a review of their previous attribution data fit this category. Every install for a campaign was attributed to a certain partner … which was suspicious to say the least. Fortunately, it was easily traceable as they all used a specific deferred deep link.

This is, essentially, yet another reason not to use fingerprinting on iOS. As if you needed another one, since apps that do this risk penalties from Apple.
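To audit how weak an IP-plus-OS-version key is in your own data, the added example below (not Singular's matching logic) counts, for each install, how many distinct partners have a click matching that key inside the attribution window. The field names, the 24-hour window and the sample records, which use documentation-range IP addresses, are assumptions.

```python
WINDOW_SECONDS = 24 * 3600  # assumed attribution window


def candidates(install, clicks):
    """Clicks sharing the install's (ip, os_version) that precede it within the window."""
    key = (install["ip"], install["os_version"])
    return [c for c in clicks
            if (c["ip"], c["os_version"]) == key
            and 0 <= install["ts"] - c["ts"] <= WINDOW_SECONDS]


def audit(installs, clicks):
    """Bucket install ids as unmatched, unique, or ambiguous (several partners match)."""
    buckets = {"unmatched": [], "unique": [], "ambiguous": []}
    for install in installs:
        partners = {c["partner"] for c in candidates(install, clicks)}
        if not partners:
            name = "unmatched"
        elif len(partners) == 1:
            name = "unique"
        else:
            name = "ambiguous"  # the fingerprint cannot tell these partners apart
        buckets[name].append(install["id"])
    return buckets


# Constructed sample data; timestamps are seconds, partner names are hypothetical.
CLICKS = [
    {"partner": "net_a", "ip": "203.0.113.7", "os_version": "15.6", "ts": 1000},
    {"partner": "net_b", "ip": "203.0.113.7", "os_version": "15.6", "ts": 5000},
    {"partner": "net_a", "ip": "198.51.100.20", "os_version": "15.5", "ts": 2000},
    {"partner": "net_b", "ip": "203.0.113.7", "os_version": "16.0", "ts": 3000},
]
INSTALLS = [
    {"id": "i1", "ip": "203.0.113.7", "os_version": "15.6", "ts": 6000},
    {"id": "i2", "ip": "198.51.100.20", "os_version": "15.5", "ts": 4000},
    {"id": "i3", "ip": "192.0.2.44", "os_version": "15.6", "ts": 7000},
    {"id": "i4", "ip": "203.0.113.7", "os_version": "16.0", "ts": 2500},
]

if __name__ == "__main__":
    print(audit(INSTALLS, CLICKS))
```

A high share of ambiguous installs means attribution on this key is decided by something other than evidence that the click led to the install.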

The good news: full transparency

The good news is that in Singular’s reporting, you get full transparency of all ad fraud results in three categories:

  1. Rejected (ad fraud was detected and prevented)
  2. Suspicious (ad fraud potentially found and highlighted)
  3. Protected (attempted ad fraud, with sources and details)

All of which makes ensuring your ad dollars don’t get sent to fraudsters significantly easier.
