Ad fraud tutorial series: What is click injection?

Digital ad fraud, including click injection, is a growing challenge for mobile app marketers.

Fraudsters are constantly developing new methodologies to deliver fake installs. This series of posts is designed to help app marketers understand the key methodologies for perpetrating mobile ad fraud and how they can detect and defend their businesses against bad actors that would steal digital advertising investment from their brand.

The good news: Singular’s best-in-industry fraud detection suite can catch and eliminate click injection fraud. And we integrate with the Google Play referrer API to make this — and other types of fraud — much harder for the bad guys.

This post is about the challenges that arise from fraudster use of click injection, which is similar to click spamming but not identical.

What is click injection?

The traffic flow for an install is a bit more complicated than for other forms of desirable digital advertising actions. With an install, there are extra steps that need to be considered — steps which provide an opportunity for app ad fraud.

Here’s a brief synopsis of the process in five discrete steps.

  1. A user sees an ad and clicks on it, and is redirected to an app store (either Apple App Store or Google Play.) The ad network records the click and sends information about the time the click occurred to the attribution platform.
  2. The user downloads the app and installs it on their device
  3. The user must then launch the app in order for the install to register with the attribution provider.
  4. When the attribution provider receives the signal of an install, it then examines all of the ad signals it has received from ad networks to determine which network(s) deserve credit for that install. In most cases, credit for the install is awarded to the advertiser that delivered the last click before an install.
  5. If no clicks have been registered, then the install is counted as an organic install, and no credit is awarded to an advertiser.

Note: with self-attribution media sources, there’s an additional step, but it is not relevant to understanding click injection.

While sometimes apps are launched immediately after an install, in other cases there is a delay of minutes, hours or days. This delay provides fraudulent actors with the opportunity to claim credit for an install even though they actually did not drive it.

Innocuous-looking fraud apps

The trick they use to do this is to encourage users to download and install a seemingly innocuous free app. For example, a flashlight or toolbar app. The app can function as advertised, but its real purpose is to perpetrate click injection fraud.

Often such mobile apps originate in third-party Android app stores.

It does this by listening for an “install broadcast” — a signal that an app has been launched for the first time on a device. The signal can include a campaign id, and the attribution provider uses this to determine which media source drove the last click.

When the install broadcast is sent, the app goes into action, informing the attribution provider that they just registered an ad click for the campaign, even though no click has taken place. By timing the fraudulent click to the moment of install, the fraudster ensures that it is the “last click” — it will get credit for the install when the app is actually launched for the first time.

An android phenomenon

Click injection is a type of ad fraud unique to Android, because only Android sends install broadcast messages to the apps on a user’s device at the moment of first launch. That broadcast is necessary to alert the fraudulent app to send a click signal to the attribution provider.

How click injection hurts your data

The clicks that these fraudulent app claim to have occurred never actually occurred. Instead, they falsely claim credit for installs driven by other ad networks. Thus they can significantly distort attributions and through them budget allocations.

Detecting click injection

The primary way that companies detect possibly injected clicks by examining the timing of the reported click versus the first launch. With click injection, the timings are likely very close to one another. With other installs, the timings tend to take place farther apart, and follow a fairly consistent distribution. This pattern recognition is an important part of how companies detect and prevent ad fraud.

Defending your business against all forms of ad fraud

Click injection is one of the many ways that app businesses can be affected by ad fraud. Here are a few strategies to help you detect ad fraud in a variety of forms, and protect your business from the costs of ad fraud.

  • Anti-fraud tools: Some attribution and analytics suites offer tools to help marketers identify and prevent ad fraud. Singular, for example, automatically offers many protections. Such tools often use signals like IP addresses, click and install pattern detection, and activity monitoring to pinpoint campaigns, partners and buying models that are driving suspicious app installs.
  • Common sense: A deal that sounds too good to be true is likely to result in low-quality app installs. Marketers must constantly resist the temptation to sign up for media deals that sound too good to be true.
  • Focusing resources on trusted partners: Most brands spend a great deal of money on installs. It makes sense, then, to focus dollars on partners that you know and trust.
  • Leveraging retention and uninstall data: By comparing the set of user traffic attracted by different media companies, brands can learn a lot about user quality. Low user retention or high uninstall rates increasingly are seen as signals of possible fraudulent activity.
  • Use ROI analytics as a primary KPI: When app publishers measure and optimize to ROI, you get both a true picture of the value of the user traffic that you are driving, and a powerful way to optimize your digital advertising investments.

Even a cursory review of this list reveals that seriously addressing ad fraud on your own, including click injection, requires a significant investment of time and money. That’s one of the reasons why companies look to their attribution and analytics providers to carry much of the water. Fortunately, Singular clients are protected from many of the costs and hassles of ad fraud with an unsurpassed set of fraud detection and prevention capabilities.

Singular and ad fraud

Singular offers an industry-leading fraud solutions that you can learn more about right here. For a capsule summary of some of the steps we take to detect and prevent ad fraud for our clients, read on.

With Singular, app publishers have visibility into ad performance, media investment, and revenue data. That provides unique advantages in detecting and protecting clients from fraud.

8 reasons why digital marketers need need need granularity (from experts at Kabam, Yelp, Nexon, Postmates, & N3twork)

Pebbles on a rocky beach are granular. The white sugar that we all hate to love is granular. The stars of the Milky Way that smudge together into a glorious sheet of light are, under closer inspection by a powerful telescope, also granular.

And so is the very best of digital and mobile marketing.

Why?

“Granularity sustains profitable scale,” says Singular’s Vice President of Customer Strategy Victor Savath. “Without granularity, you can scale… but it’s hard to monitor quality.”

Granularity is important both cross-channel and within channels, Savath said recently at UNIFY conference, where he interviewed experts from Yelp, Kabam, Postmates, Nexon, and N3twork on the topic. It’s important for creative. Granularity is also important for bids and CPIs. It’s critical to evaluating publishers and sub-publishers. And it’s something that impacts your daily budgets.

But exactly what is granularity?

And what does it achieve for digital marketers?

And … how has the concept of granularity changed with iOS 14.5 and SKAdNetwork?

Granularity in digital marketing can be defined as the ability to dissect big blocky chunks of marketing activity and ad buys to see the smaller building blocks. For example:

  • If your ad campaign is spread over 15 different agencies, you can view each one individually
  • If each agency uses multiple ad networks, you can see how each is performing
  • If each ad network employs different publishers and sub-publishers in your campaign, you can dive into sub-publisher metrics
  • If you’re using varying creatives and forms of targeting, you can see how each performs
  • As users or customers engage, you can see their journey and react personally to their preferences and needs

As you can see in the video from UNIFY, experts from top mobile companies had a lot to say about the concept of granularity. Here are eight things they highlighted:

 

1. Granularity tells you how to maximize channels

Clearly, seeing which ad network or publisher is providing the best results is a good thing. But it’s sometimes even more important to really understand what’s working within a network or publisher.

“Obviously Facebook is the biggest social channel, but Pinterest, which is often overlooked, is an interesting play,” says Yelp’s Head of Performance, Eyal Grundstein.

The key to unlocking performance for Yelp on Pinterest was experimentation… and granularity.

Initial generic campaigns produced generic results, but when Yelp started targeting “odd things” like nail salons, click-through rates jumped 5X. Another finding: tattoos are huge on Pinterest, because people search for tattoos that they’ll consider. Targeting on tattoos and showing tattoos in the ads boosting conversions 10X.

“You can be granular not only in the targeting but also in the copy,” Grundstein says.

 

2. Granularity tells you which publishers are performing

Most ad networks fulfill impressions and conversions for their clients by purchasing inventory from publishers or sub-publishers. When this happens, sometimes advertisers lose the ability to optimize for maximum performance because they either lack the capability or are not looking below the top line campaign numbers to the sub-publisher results.

Hint: some will be rock stars; some will be duds.

“We have a two to three times per week process of pruning out the low performers,” says Eric Seufert, Platform at N3twork. “We kill them at the line-item level if they’re not performing.”

That process does vary from week to week, Seufert says, as publishers change. There’s some natural variance between good, acceptable, and bad, so some level of discretion is warranted. Still, the overall learning remains: advertisers need to be able to probe down to sub-publisher levels to really fine-tune performance.

 

3. Granularity helps you avoid ad fraud

Granularity is table stakes for avoiding fraud, says Grundstein. Impression-level data, for instance, is an absolute must.

It’s also a way to tie the technicalities of adtech to the ground-truth realities of customers, users, and your product. And there’s no better way, says Warren Woodward, Nexon’s Executive Director of User Acquisition, to really see what’s going on.

“Show me this ad in the wild,” Woodward will often ask his ad partners. “It’s amazing how many sources break down when you ask them… where is your traffic? Can you show it to me?”

And, just as source-level data allows you to pinpoint top performers, it also allows you to isolate potential fraud. Especially when you explicitly state your goalposts in the ad insertion order:

“This game that usually has a 90% tutorial completion… if we see a source as over ‘x’ number of installs and [it] deviates from that norm by over 50%… we’re going to consider that incentivized or some other type of fraud,” says Woodward.

 

4. Granularity helps you avoid bidding against yourself for adspace

Granularity on the publisher level helps us to “strategize and understand where not to overbid or bid against yourself,” says Yelp’s Head of Performance, Eyal Grundstein. “For example, if you’re buying on two different DSPs and they’re both buying on Mopub… they will bid up against each other potentially, especially on a particular placement if there is enough volume or if it is relevant enough.”

In other words, the ad space is complex and busy. And if you’re a significant advertiser, you’re probably using anywhere from ten to over a hundred advertising partners, which means you could potentially have campaign collisions.

There’s only one thing less cool than ad fraud, and that’s bidding against yourself.

 

5. Granularity helps you customize to different geographies

Country and regional level data is critical when marketing, says Kabam’s Director of User Acquisition, Andy Park.

“How people consume media across geos is different,” Park says, noting that people in China like to like and comment on ads, particularly on Tiktok, the country’s top video platform. “[One] ad got 37,000 likes and 600 comments in two days.”

Creatives come in many different sizes, shapes, and user experiences, Park says. The key is being able to present different creatives to different audiences, and react appropriately depending on which ones work.

This also enables regional targeting, says Postmates’ Director of User Acquisition Patrick Witham.

“We operate city-level targeting,” Witham says, while noting that there are some limitations with ad network data for geotargeting.

Separating campaigns for different geographies can also make overall campaign analytics more challenging, he added, and does put some limits on scale. However, tighter targeting almost always leads to better results, and “specificity drives conversions.”

 

6. Granularity allows you to “try wild things” and still be successful

Some of the best things you’ll do in marketing are crazy.

At least, at first glance.

“Our approach has been to build tools that allow us to be radically experimental,” says N3twork’s Seufert. “We’re building about 50 videos a week… we deploy them to test and then deploy more universally.”

Some of those videos are going to be incredible. Some are going to be horrible. But by building the engine to enable creativity at scale and fast failure, N3twork is opening itself up to those rare oddball explosions of lightning in a bottle that drive mass conversions.

Nexon’s Woodward agrees.

“Try wild things,” he says. “You want something that’s going to stand out… when you have a completely different experience, it’ll be the biggest winner or a complete loser.”

One example for Nexon was an ad that featured almost no gameplay — an extreme rarity in the mobile game ad world. Instead, it simply showed fans talking about the game. Essentially, it broke every rule… and it was the company’s biggest winner.

“It carried about a quarter of our user acquisition,” says Woodward.

 

7. Granularity helps you avoid poorly performing genres of publishers

Sometimes you want to avoid one publisher in particular. Sometimes, though, you want to avoid an entire genre of publishers.

That’s exactly the scenario that Kabam’s Park found himself in (watch the video for full details… including precisely what he was trying to avoid.

Some things just don’t work for your company, your brand, your product, or your app. And granularity enables you to avoid them.

 

8. Granularity helps you test creative versus creative

Every marketer wants to know which ad units are performing. That’s table stakes… and yet also an example of granularity.

Smart marketers also want to know their conversions from different creative types: banner, text, interstitial, video… and playable ad. You just might be surprised at what you find.

For example, playable ads doubled Nexon’s app installs from one particular source, says Executive Director of User Acquisition Warren Woodward.

“Now we’re making as many playables as possible,” Woodward says. “If you’re not games, think about other ways you can make interactive ad units. The rest of us are… you won’t be in the game if you’re not.”

 

But what about iOS 14.5 and SKAdNetwork?

Old-school mobile marketing relied on granular device-level data to get detailed data on impressions, clicks, installs, and post-install activity, and on iOS that is no longer all relevant. (For now Android is business as usual.) On devices running iOS 14.5 and later (which is now almost all devices) you can only get that level of data if people opt in to tracking … which you can only know after they install your app.

For that reason — and the fact that 75-85% of people are not allowing tracking via the App Tracking Transparency pop-up — your best source of data arrives via Apple’s SKAdNetwork data.

The good news for mobile marketers: it’s deterministic.

The bad news: it’s incomplete by design, it arrives at variable times, it’s adopted with different practices and policies across different ad networks, and it’s explicitly not device level in order to be privacy-safe.

This doesn’t mean marketing optimization on iOS is over. It does mean that mobile growth marketers need to use new ways of measuring advertising and marketing success and learn to be comfortable with a certain missing layer of granularity. However, using Singular SKAN, marketers can still get good, usable, reliable data on which to base marketing optimization tactics.

 

Summing up

Granularity isn’t just a nice-to-have. It’s an incredibly useful attribute for marketers who want to scale profitably.

The good thing: it’s easy to get on Android.

The challenge: you have to work for it — and earn it — on iOS, and in some cases, you simply can’t get it.

Dig deeper: See how the best growth marketers succeed.

Singular ROI Index 2019: The unmissable advertising ROI webinar

Singular’s ROI Index is the largest study that ranks top ad networks globally based on their ability to deliver ROI for advertisers. We’ve already published the Index and made it available to the world, giving you the ability to find the best advertising ROI available.

But now it’s time to dig deeper.

This webinar goes beyond the Index to talk about not only where individual media sources rank, but also what some of the key differentiators are.

Meet the experts

To do that, we’re going to bring in the experts: Susan Kuo, Brian Sapp, and Christen Luciano. (Yours truly, John Koetsier, VP of Insights at Singular, will moderate.)

Susan and Christen have deep insight into how various ad partners performed in the Index. Brian has an even deeper insight into what mobile marketers look for, and what they need in terms of advertising ROI from ad networks.

Susan Kuo
COO, Head of Business Development
Susan has an extensive background in mobile ad tech, analytics, and gaming. Prior to Singular, Susan held senior leadership roles at Onavo and InMobi. Susan is an active member of the mobile community and serves on the advisory board for several mobile-focused start-ups.

Brian Sapp
VP, User Acquisition Marketing, Jam City
A mobile veteran with previous roles at Tapjoy and Web Games, Brian manages user acquisition for Jam City, which currently has six of the top 100 highest-grossing games across the App Store and Google Play.

Christen Luciano
Director of Partner Development
Christen oversees Singular’s relationships with key partners. Prior to Singular, she was a product marketing manager with Kenshoo and held multiple additional marketing roles. Her focus is collaborating with top marketing platforms to help advertisers grow reach and maximize performance.

We’ll review the 2019 Singular ROI Index, but also talk about fraud, things marketers need to know about their ad campaigns, some of the biggest surprises, and the role SANs (self-attributing networks like Facebook and Google) should play in marketers’ ad campaigns alongside some of the mid-tier players.

Advertising ROI is critical, of course, but it doesn’t happen in a vacuum.

So we’ll also talk about how to find niches of profitable growth, new innovative players, and what to look out for.

One of the things that the 2019 Singular ROI Index makes very clear is that Snap and Twitter have made significant moves recently in terms of the value they offer to advertisers. We’ve seen that in their recent quarterly reports: Snap grew quarterly revenue almost $100 million year over year, and Twitter had record quarterly earnings.

We’ll talk about what we’re seeing in the platforms that is driving increased advertiser adoption, and we’ll talk about everything else the Index reveals about advertising ROI.

Top Takeaways From Singular’s ‘Spot the Fraud’ Event

Singular recently hosted our first-ever “Spot the Fraud” event, where mobile marketing and product leaders from companies like Airbnb, Instacart, Postmates and N3TWORK gathered to discuss the future of mobile ad fraud prevention.

At the event, Singular CEO Gadi Eliashiv unveiled Singular’s enhanced Fraud Prevention Suite as well as The Singular Fraud Index, a first-of-its-kind study revealing the industry’s most effective fraud prevention methods along with the 20 mobile ad networks driving the lowest rates of fraud.

The full presentation can viewed by clicking here and below are the top takeaways from the presentation.

Mobile Marketers, Still Unprotected

In the process of analyzing fraud data from hundreds of the world’s largest mobile apps, Singular’s Fraud Prevention Team uncovered a startling stat: 63 percent of marketers do not utilize fraud prevention techniques in their mobile marketing systems. Part of the blame lies with analytics providers that treat fraud prevention as a luxury, offering it to marketers as a “premium” add-on rather than a feature deeply embedded in the core platform. Equally problematic is the complexity of existing fraud offerings — for instance, attribution platforms that place the burden on marketers to run their own statistical analysis to detect fraud.

The Threat of Attribution Manipulation

Today the majority of mobile ad fraud is perpetrated via attribution manipulation, whereby fraudsters steal credit for installs from organic and paid channels. Each month, attribution manipulation attacks account for roughly 70 percent of prevented ad fraud, recent data from Singular shows, costing ad networks and marketers money and corrupting performance data in the process.

But big tech players are working to fix the analytics holes that have allowed fraudsters to steal credit for installs. For instance, Google’s latest analytics release, the Google Play Referrer API, helps marketers and their attribution providers combat attribution manipulation with Referrer and Timestamp data received directly and securely from Google.

Fraud Keeps Getting Smarter

Singular’s Fraud Prevention Team uncovered a new form of fraud being perpetrated by malicious mobile apps, some of which have millions of users. This form of fraud, called Referrer Injection, leverages Android’s internal messaging system to inject a fake referrer into an attributed ad click, thereby assigning credit to the fraudulent source. Because attribution systems prioritize referrer messages over other touchpoints, Referrer Injection is a particularly effective way for fraudsters to steal credit. Thankfully, Google’s new Referrer API allows Singular to stamp out this form of ad fraud. However, Referrer Injection highlights the fact that marketers must reject complacency given the constantly evolving threat of fraud and implement fraud solutions that adapt to increasingly sophisticated fraud tactics.

Safe Havens

Even with fraudsters siphoning off billions from advertising budgets each, there are safe havens for mobile ad dollars. Singular analyzed mobile ad fraud data anonymously collected from mobile marketers within a 30-day range to identify the most secure mobile media providers, or those with the least fraud. The 20 most secure media providers are capable of driving both significant volume to marketers while keeping fraud rates well below the industry average. To view the complete list of of mobile ad networks driving the lowest rates of fraud, download the full report here.

Comprehensive Protection

As The Singular Fraud Index shows, currently there isn’t one fraud prevention method that reigns supreme in blocking the majority of mobile ad fraud. Singular’s breakdown of the most effective fraud prevention methods reveals that the marketing industry uses a handful of prevention methods to combat mobile ad fraud, with each method blocking its share of total fraud prevented each month.

That’s why Singular’s new Fraud Prevention Suite utilizes all known prevention methods to provide maximum protection against existing fraud threats as well as unknown threats to come.

“You don’t want to chase fraud manually,” Gadi said in his presentation. Marketers don’t have the time and, in most cases, the expertise to identify what is fraud and what is legitimate activity.

Singular is excited to equip its customers with a transparent, flexible and proactive fraud solution that analyzes countless fraud signals at the most granular levels and automatically applies rules at the time of attribution to stop fraud in its tracks, keeping sources clean and media budgets focused on quality users.

Learn more about Singular’s enhanced Fraud Prevention Suite here and download The Singular Fraud Index here.