ad fraud Archives

Apple Aims to Protect Data Privacy with SKAdNetwork

Wondering what Apple’s new privacy enhancements mean for you?
Watch our on-demand webinar iOS 14 & IDFA Changes: What you need to know

Quietly rolled out by Apple on March 29th, 2018 with their iOS 11.3 release, SKAdNetwork is an API that validates advertiser-driven mobile app installs. In Apple’s documentation, it’s stated that SKAdNetwork’s objective is to help marketers to measure the success of an ad campaign while maintaining user privacy.

What’s different about the SKAdNetwork API?

SKAdNetwork is a class that belongs to the StoreKit framework; Apple’s In-App Purchase Payment System that manages transactions for In-App Purchases. After installing the app, Apple shares only 5 items with the advertiser: ad network ID, transaction identification, ad campaign ID, app ID installed, and attribution code to link all.

Source: Apple Developer Documentation

There are two key postbacks associated with SKAdNetwork:

Initiating Install Validation: This Informs an ad network when users install and launch an app after viewing an ad. Ad networks initiate validation by providing signed information, including a campaign ID, when displaying the ad. Later, if the ad results in a conversion, Apple notifies the ad network with a postback that includes the same campaign ID.
Verifying an Ad Conversion: When a user installs and launches an app as a result of your ad, you receive a postback request that validates the installation. The request is sent to the ad network URL provided in registration.

What does this mean for advertisers?

It’s still too early to predict how SKAdNetwork will play out. Adding to the mystery, Apple has been very hush-hush about their motives and the rollout of SKAdNetwork. However, we think there are a few possible ways this could play out:

1. Apple doesn’t actively push SKAdNetwork, it doesn’t garner significant adoption, and nothing changes in the mobile marketing space.

One possible scenario could be that Apple doesn’t actively push SKAdNetwork to advertisers, resulting in minimal adoption. In this scenario, there wouldn’t be any significant change in the way that app marketers manage their attribution.

2. Apple pushes SKAdNetwork and Google follows suit with their own version.

Another scenario is that Google follows suit with its own version of the ad network API. This scenario could play out a few different ways:

Apple and Google don’t build out a robust attribution solution, which results in a lack of adoption by app marketers. Apple has made its mark in the world thanks to being an extraordinary and innovative hardware company, but they have never been accountable for providing analytics and insights to app marketers. If Apple and Google do not develop all the features that are necessary for an end-to-end attribution solution, (e.g. data extraction, all postback types, flexible attribution windows, easy BI integrations) then the industry will not adopt their solutions.
Apple and Google develop all the functionality needed for a robust attribution solution, leaving third-party mobile app attribution providers to potentially die-off in their current form. Who can compete with the operators of the mobile app stores we attribute from anyway? However, advertisers may still lose out in this scenario because they might encounter more complexities coming from running attribution on two separate platforms. The winners in this scenario would be third-party mobile app attribution providers that offer value-added services such as connecting multiple networks into a single view and aggregating all necessary features into a single API.

3. Apple pushes SKAdNetwork but Google does nothing.

In a third possible scenario, Apple could actively push SKAdnetwork to advertisers, while Google doesn’t follow suit with their own version. This would still result in complexities for advertisers who would need to manage attribution programs in silos across different OSs.

In this scenario, marketers would turn to attribution providers who could help them gather data from multiple sources, standardize it, and aggregate it into a single ROI dashboard.

So what’s going to happen?

It’s unfortunately too early to say, but one thing is clear: Apple wants to enhance users’ privacy. Apple has clearly positioned itself as a top privacy-conscious company and will continue to hold this stance as data privacy becomes more top-of-mind in the industry.

The different faces of mobile ad fraud

Digital ad fraud is estimated to have cost US marketers $6.5 billion in 2017 (Marketing Week 2017). Fraud prevention is not only a nice to have but a necessity nowadays.

Ad fraud is when an individual or group attempts to defraud advertisers, publishers or supply partners, by exploiting advertising technology with the objective of stealing from advertising budgets. It is particularly challenging for marketers to deal with because it comes in variable forms and it has the capacity to evolve and bypass the latest prevention methods.

Today, there are two forms of fraud in particular that app marketers are grappling with: Fake Users and Attribution Manipulation.

Fake Users

Fraudsters use bots, malware and install farms to emulate clicks, installs, and in-app events, causing advertisers to pay for an activity that is not completed by a real user.

Fake User fraud is most commonly perpetrated via:

Install farms, which consist of humans who are paid to manually install and engage with apps across a large number of devices.

Mobile device emulators that simulate a large number of unique device IDs used in fake installs.

Data centers that host scripts to generate fake installs and other types of events at massive scale.

Proxy servers that are used to reset IP addresses and spoof device-level information (like location, to emulate installs in other countries)

Attribution Manipulation

Fraudsters steal credit for installs by sending fraudulent clicks, which results in attribution systems recording sent clicks as the last engagement prior to the first time an app is opened, thus assigning credit to the fraudulent source and removing credit from an app’s organic or paid sources.

Attribution manipulation is a particularly harmful form of fraud because it not only costs marketers their spend, but it also corrupts performance data, causing marketers to make misguided acquisition decisions.

For example, the damage inflicted by a fraudulent source poaching organic users is twofold: an event reduces the number of organic users in a marketer’s analytics, as well as the perceived impact of organic user traffic on revenue growth. This can cause organizations to shift marketing away from efforts that target organic acquisition such as ASO or content marketing. Additionally, this can make a marketer invest more money in the fraudulent source, thereby diverting spend away from high-performing channels that drive legitimate traffic.

Attribution Manipulation is most commonly perpetrated via:

Click Injection

When fraudsters create apps that are legitimately downloaded by a user but, unbeknownst to the user, monitor the user’s device for installs and insert fake clicks before an app is first opened.

Click Spamming

This occurs when fraudsters send large numbers of fraudulent click reports with real device IDs in an attempt to poach organic users by delivering the last engagement prior to an install. Because attribution windows are typically limited to finite time periods, fraudsters often re-send fraudulent click reports in order to maintain their clicks as the last engagements within the attribution window.

While click injection is focused on sending clicks at the moment immediately before an app is first opened, click spamming is focused on sending clicks that contain a unique device ID in the hope that an ID matches that of an organic user who subsequently downloads the app. Compared to click spamming, click injection is a more sophisticated form of fraud that is easier for fraudsters to control and to hide. Because click injection receives signals that an app has been installed directly from a user’s device, click injection attacks are more targeted and therefore deliver better results for fraudsters.

Thankfully there are indicators to detect such scenarios. Since click injection generates a click after installation is complete, it tends to result in a short click-to-install time. Click spamming, on the other hand, results in abnormally long click install time, due to clicks lingering in the attribution system until a device with a matching ID organically installs the app. TTI analysis is one of the leading mechanisms to fight attribution manipulation and fraud in general.

Other forms of Attribution Manipulation also exist, including:

Network Click Fraud

Networks that report a click when only an impression occurred.

Fingerprinting Fraud

A technique that targets organic users for fraudsters to send clicks with no advertising IDs, causing attribution systems to fall back on fingerprinting — which relies on identifiers like IP address, device model, and OS version — to perform attribution. If an organic user on the same network installs the app, and other identifiers match up, the fraudulent source steals credit for the install from the organic source.

More info

Want to get the full scoop on mobile ad fraud prevention, including a list of the most secure ad networks for app marketers, and the most effective fraud prevention methods?

Check out the Singular Fraud Index; the first of its kind to utilize mobile fraud data collected from multiple attribution providers and fraud prevention tools.

Top Takeaways From Singular’s ‘Spot the Fraud’ Event

Singular recently hosted our first-ever “Spot the Fraud” event, where mobile marketing and product leaders from companies like Airbnb, Instacart, Postmates and N3TWORK gathered to discuss the future of mobile ad fraud prevention.

At the event, Singular CEO Gadi Eliashiv unveiled Singular’s enhanced Fraud Prevention Suite as well as The Singular Fraud Index, a first-of-its-kind study revealing the industry’s most effective fraud prevention methods along with the 20 mobile ad networks driving the lowest rates of fraud.

The full presentation can viewed by clicking here and below are the top takeaways from the presentation.

Mobile Marketers, Still Unprotected

In the process of analyzing fraud data from hundreds of the world’s largest mobile apps, Singular’s Fraud Prevention Team uncovered a startling stat: 63 percent of marketers do not utilize fraud prevention techniques in their mobile marketing systems. Part of the blame lies with analytics providers that treat fraud prevention as a luxury, offering it to marketers as a “premium” add-on rather than a feature deeply embedded in the core platform. Equally problematic is the complexity of existing fraud offerings — for instance, attribution platforms that place the burden on marketers to run their own statistical analysis to detect fraud.

The Threat of Attribution Manipulation

Today the majority of mobile ad fraud is perpetrated via attribution manipulation, whereby fraudsters steal credit for installs from organic and paid channels. Each month, attribution manipulation attacks account for roughly 70 percent of prevented ad fraud, recent data from Singular shows, costing ad networks and marketers money and corrupting performance data in the process.

But big tech players are working to fix the analytics holes that have allowed fraudsters to steal credit for installs. For instance, Google’s latest analytics release, the Google Play Referrer API, helps marketers and their attribution providers combat attribution manipulation with Referrer and Timestamp data received directly and securely from Google.

Fraud Keeps Getting Smarter

Singular’s Fraud Prevention Team uncovered a new form of fraud being perpetrated by malicious mobile apps, some of which have millions of users. This form of fraud, called Referrer Injection, leverages Android’s internal messaging system to inject a fake referrer into an attributed ad click, thereby assigning credit to the fraudulent source. Because attribution systems prioritize referrer messages over other touchpoints, Referrer Injection is a particularly effective way for fraudsters to steal credit. Thankfully, Google’s new Referrer API allows Singular to stamp out this form of ad fraud. However, Referrer Injection highlights the fact that marketers must reject complacency given the constantly evolving threat of fraud and implement fraud solutions that adapt to increasingly sophisticated fraud tactics.

Safe Havens

Even with fraudsters siphoning off billions from advertising budgets each, there are safe havens for mobile ad dollars. Singular analyzed mobile ad fraud data anonymously collected from mobile marketers within a 30-day range to identify the most secure mobile media providers, or those with the least fraud. The 20 most secure media providers are capable of driving both significant volume to marketers while keeping fraud rates well below the industry average. To view the complete list of of mobile ad networks driving the lowest rates of fraud, download the full report here.

Comprehensive Protection

As The Singular Fraud Index shows, currently there isn’t one fraud prevention method that reigns supreme in blocking the majority of mobile ad fraud. Singular’s breakdown of the most effective fraud prevention methods reveals that the marketing industry uses a handful of prevention methods to combat mobile ad fraud, with each method blocking its share of total fraud prevented each month.

That’s why Singular’s new Fraud Prevention Suite utilizes all known prevention methods to provide maximum protection against existing fraud threats as well as unknown threats to come.

“You don’t want to chase fraud manually,” Gadi said in his presentation. Marketers don’t have the time and, in most cases, the expertise to identify what is fraud and what is legitimate activity.

Singular is excited to equip its customers with a transparent, flexible and proactive fraud solution that analyzes countless fraud signals at the most granular levels and automatically applies rules at the time of attribution to stop fraud in its tracks, keeping sources clean and media budgets focused on quality users.

Learn more about Singular’s enhanced Fraud Prevention Suite here and download The Singular Fraud Index here.

Why some ad networks are taking ad fraud way more seriously

At a private event hosted by Singular earlier this month, mobile marketing leaders from Airbnb, Instacart, Sephora and more discussed recent trends in mobile ad fraud prevention. Among the most talked-about subjects was the growing threat of attribution manipulation and how it is pushing some ad networks to step up their efforts in the fight against mobile ad fraud.

“When installs are stolen from legitimate sources, ad networks become the victims of theft too,” said Yevgeny Peres, VP of Growth at IronSource. Payments that should have gone to ad networks for legitimate installs get diverted to fraudulent sources, costing the ad networks money and corrupting marketers’ performance data in the process.

As ad networks have seen attribution manipulation affect their bottom line, their incentive to fight fraud has become more closely aligned with that of marketers.

Fraudsters also steal credit from organic sources, causing advertisers to pay fraudulent sources for organic traffic. “When the KPIs of users attributed to a certain publisher are similar to the KPIs of your organic traffic, it’s usually too good to be true, and a sign that the publisher is stealing credit from your organic sources,” Peres said.

“It’s very hard for marketers to identify the channels that are actually controlling the full funnel of ad serving, as the right due diligence on each partner just isn’t out there,” Peres added. Singular’s Fraud Index — which was presented at the event — aims to add some transparency to the mobile fraud landscape by highlighting the 20 mobile ad networks driving the lowest rates of ad fraud.

Peres was joined on stage by UA leaders from Postmates and N3TWORK who discussed the challenges faced by mobile marketers in preventing mobile ad fraud.

Patrick Witham, who leads user acquisition at Postmates, spoke about the importance of developing a strong relationship with ad networks and including clauses in ad partner agreements that make it easier to process refunds for fraud. “In many cases, the ease with which you can recoup money for fraudulent installs really comes down to your relationship with the network,” Witham said.

Nebojsa Radovic, Director of Performance Marketing at N3TWORK, pointed out some tell-tale signs that a network might drive fraudulent activity. “When someone reaches out saying they can drive you 30 cent installs, you usually know something is off,” he said. “Often these networks have no idea where their traffic is actually coming from.”

At the event, Singular announced an enhanced version of its Fraud Prevention Suite aimed at helping resource-constrained marketing teams block fraud in real-time, before it can wreak havoc on their budgets and analytics. Singular’s fraud prevention suite utilizes all known prevention methods to ensure maximum protection against existing fraud threats as well as unknown threats to come.

“Time is the biggest problem,” Radovic added. “Most marketing teams just don’t have the resources to figure out what’s real and what is fraud.” With Singular’s enhanced Fraud Prevention Suite, now available to all Singular customers, Singular is hard at work solving this problem.

Download The Singular Fraud Index to see The Industry’s Most Active Fraud Prevention Methods & The 20 Most Secure Mobile Ad Networks

Singular integrates Google Play referrer API: A major step forward in the fight against mobile ad fraud

Singular is excited to announce our integration of the new Google Play Referrer API, a new way to securely retrieve install data from the Google Play Store that will dramatically weaken fraudsters’ ability to steal credit for app installs.

The Google Play Referrer API, which is now fully integrated into the Singular platform, will allow mobile measurement providers to effectively eliminate click injection fraud as a threat to mobile marketing budgets. Singular has been working closely with Google on the API along with a select team of mobile measurement partners.

As Singular’s landmark study on mobile ad fraud recently revealed, click injection attacks account for at least 35% of prevented ad fraud each month, making click injection the single largest threat to mobile advertisers today.

In click injection schemes, fraudsters create malicious apps that are legitimately downloaded by a user but, unbeknownst to the user, monitor the user’s device for app installs. Upon detecting an install, fraudsters steal credit from paid and organic sources in multiple ways:

They send fake clicks that get recorded as the last click, thereby earning credit for the install.
More sophisticated fraudsters also leverage Android’s internal messaging system to send their fake click’s Referrer to the app. Because attribution systems prioritize referrer messages over other touch points, this is a particularly effective way for fraudsters to steal credit for the install.

With the Google Play Referrer API, Singular now protects against both of these attacks with secure Referrer and Timestamp data made available in the new API.

Referrer Verification

Referrer data provides a unique and versatile mechanism to deal with click injection and click spamming attacks, as it enables attribution providers to know, upon install, which click led to the store session in which the user installed the app.

An investigation by Singular’s Fraud Research Team also uncovered an attack named Referrer Injection, which leverages a security hole in the old implementation of this mechanism. Google’s new API addresses this issue and takes the industry another step forward in the fight against advertising fraud.

A secure referrer allows Singular to generate a unique referrer for every click in real time while redirecting to the Play Store. The new API also provides a more robust way for Singular to access the referrer information ensuring better coverage and less attributions with no referrer information.

New Timestamps in the Google Play Referrer API

But not all clicks contain referrer data. In the case of organic traffic, or users who land directly in the Play Store, attribution providers don’t receive an ad click and therefore receive no Referrer data to verify.

In these cases attribution providers may lean on measuring the time between an ad click and an install to prevent the fraudulent activity. This method, often called Time to Install (or TTI in short), has proven problematic in the past as it’s hard to decide on the correct thresholds and balance between blocking click injection and accidentally blocking legitimate clicks.

Here, too, the Google Play Referrer API has made such prevention methods dramatically more effective by providing timestamps for different stages in the process, enabling these methods to become much more accurate and deterministic.

Two new timestamps in Google’s new API allow attribution systems to now see when:

A user opens the Google Play Store; and
When a user clicks install in the Play Store.

Here’s an example of the timestamps currently received by Singular following our integration with the Referrer API, with the new timestamps in bold:

User clicks an ad [10:15:01]
Google Play Store opens [10:15:02]
User clicks install in the Play Store [10:15:05]
User opens the app for the first time [10:15:37]

Injected clicks will arrive after Timestamp #3, when the malicious app receives a notification that an install has begun on the user’s device and starts sending fake clicks. Once the user opens the app for the first time the attribution provider would receive Timestamp #2 and all clicks that occurred after that time will be rejected. In such cases, fraudsters have essentially lost their window to inject clicks to steal organic traffic.

We applaud the Google Play Referrer API and Google’s commitment to equip advertisers and their attribution providers with the information they need to enhance mobile ad fraud prevention.

For an in-depth look at the industry’s most effective fraud prevention methods and the Ad Networks driving the lowest rates of ad fraud, download the Singular Fraud Index, the only study to analyze mobile ad fraud data from multiple ad fraud prevention solutions, revealing a first of its kind view of the mobile fraud landscape.

Download The Singular Fraud Index to see The Industry’s Most Active Fraud Prevention Methods & The 20 Most Secure Mobile Ad Networks

Ad Fraud Tutorial Series: What is Device Hijacking?

With the tremendous costs of advertising fraud, it’s natural that advertisers are trying to learn as much as they can about how digital ad fraud is perpetrated and how to protect their businesses from its costs.

Singular wants to help. This series of tutorial blog posts is designed to provide insights and explanations into the causes of digital ad fraud and how data-driven advertisers can protect their app business from every form of digital ad fraud, including forms of ad fraud perpetrated by device emulators.

What is Device Hijacking?

We all have the assumption that what takes place on our phones is entirely under our control. We assume that we decide and are the arbiters of what is downloaded onto our devices, and what information passes from them to outside parties.

———–

Download the Singular Fraud Index

SIngular has just released its 2017 Singular Fraud Index, which reveals the mobile industry’s Most Secure Ad Networks. The Index is the first study of its kind to examine fraud data collected from multiple fraud prevention solutions, each with its own set of proprietary detection methods. Drawing on this unique dataset, the study exposes the effectiveness of today’s most common anti-fraud mechanisms as well as the 20 ad networks driving the lowest rates of fraud.

Get your free copy here.

———–

Device hijacking violates every aspect of those expectations. With device hijacking, fraudsters take control of your device and manipulate both what takes place on it and what information enters and leaves it.

How Device-Hijacking-Based Ad Fraud is Perpetrated

To gain control of your device, fraudsters have a variety of tactics — each designed to convince you to download and install a malicious app. Here are two ways that this can take place:

The app may convince the user to voluntarily download it by offering some appealing but seemingly innocuous function like a flashlight. But inside the app is malicious code.
When you download an app, a second app might secretly be downloaded with it. Again, this is usually occurring on third party app stores where attackers have more leeway to deliver apps with malware inserted. Often those apps are invisible to the user.

Naturally, the major app stores spend a great deal of time and money trying to root out any would-be malicious apps. But device hijacking is all too common.

Once a malicious app is on your device, it goes to work creating problems for app advertisers, and potentially consumers as well.

Malicious apps can do many of the bad things that drive up ad fraud costs for app publishers. For example:

They can deliver thousands of ad impressions that are unseen by the device owner/user. The bad actor CPM-based media provider thus gets paid for ad impressions that never ran.
They can ad stack so that many ads are reportedly running in an ad space even though only one is visible to the user. The media provider is thus paid for many impressions at once.
They can (with Android apps) inject false clicks and take credit for installs when other apps are installed on a device.
They can accept IAP payments for virtual goods without transferring money to the publisher.

On the consumer side, malicious apps can also create real problems, including:

They can collect and transmit personally identifiable information that can be used for other forms of ad fraud
They can collect credit card details from consumers who erroneously believe that the app was issued by a reputable company
They can use lots of battery- and processing-power unbeknownst to the user

Detecting Device Hijacking in Your App Data

Often, the key to detecting device hijacking is in pattern recognition. When a single device ID delivers large numbers of clicks, for example, it can be a sign of ad fraud. Many times, analytics companies like Singular monitor such activity behind the scenes so that they can identify or block such activity.

Device hijacking can also be used to automatically install and uninstall apps to artificially boost install counts for a bad actor media source. Lots of installs and immediate installs from a single ID can be a vivid sign here.

These are just a couple of ways that device hijacking can be detected and its consequences flagged or blocked.

How Singular Helps Protect Ap Publisher Clients from the Costs of Device Hijacking

Singular offers an industry-leading ad fraud solutions that you can learn more about right here. For a capsule summary of some of the steps we take to detect and prevent ad fraud for our clients, read on.

———–

Singular’s New Anti-Fraud Improvements

Learn about Singular’s new Enhanced Fraud Prevention Suite. See how working with Singular can help protect and defend your business. Click for details.

————

With Singular, app publishers have complete access to digital ad performance, media investment, and revenue data for their business. This also means that Singular has a broad sample of data from many large clients. That provides unique advantages in detecting and protecting clients from digital ad fraud. Our fraud detection and fraud prevention technologies are a mix of the best-known techniques today as well unique proprietary techniques only we can offer.

We constantly examine data flow into our unified analytics platform, looking for signs of fraudulent activity such as illegitimate networks, IP addresses, devices, mismatches in targeting, and more. In addition, Singular IAPs with the appropriate app store to ensure that cash has changed hands before recording a purchase. Also, with full uninstall and user retention insights right in the platform, Singular helps you identify sources and campaigns with suspiciously high uninstall rates.

Additionally, we have pioneered the use of ROI analysis as a fraud detection methodology. Measuring and optimizing to ROI can be a great way of identifying legitimate versus legitimate installs because only legitimate installs will be generating revenue.

No analytics or attribution company will reveal all of the defenses it employs to protect clients from the costs and inaccurate data resulting from ad fraud. But we’ll be happy to provide clients and prospects more insight into our approach. Contact us for more information on the Singular solution and how it can help protect your business.

Download The Singular Fraud Index to see The Industry’s Most Active Fraud Prevention Methods & The 20 Most Secure Mobile Ad Networks

Advertising Fraud Tutorial Series: All About Device Emulators

Advertising fraud is on many marketers’ minds these days. In a 2016 survey conducted by our team and VC firm Thomvest Ventures, 78% of enterprise app marketers reported that they were concerned about the costs of ad fraud.

At Singular, we consider it our duty to help those marketers by both providing outstanding anti-fraud services and by offering succinct and actionable education on ad fraud. As the leaders in the mobile app marketing analytics industry, Singular has spent tremendous time and resources analyzing:

Ad Fraud on mobile devices
Risk points for apps and app marketing
Key ways that marketers can work to mitigate the risks

All of this research has shown that the more clients understand about the risks and costs of fraud, the better prepared they are to act.

This post is all about device emulators and how fraudsters use simulated devices to perpetrate multiple forms of ad fraud.

What are Device Emulators?

Mobile devices send distinct signals. Attribution and analytics platforms collect and interpret those signals to record user actions and traffic to determine the provenance of installs and re-engagements.

———–
Download the Singular Fraud Index

Singular has just released its 2017 Singular Fraud Index, which reveals the mobile industry’s Most Secure Ad Networks. The Index is the first study of its kind to examine ad fraud data collected from multiple ad fraud prevention solutions, each with its own set of proprietary detection methods. Drawing on this unique dataset, the study exposes the effectiveness of today’s most common anti-fraud mechanisms as well as the 25 ad networks driving the lowest rates of digital advertising fraud.

Get your free copy here.
———–

Fraudsters try to fake clicks and other marketing-related actions by creating simulated devices that send signals they hope will be interpreted as if they come from bona fide mobile devices. A simulated device associates actions with faked device advertising IDs.

Device emulators can fake ad clicks as well as first launches that are intended to be interpreted as legitimate installs. Without robust ad fraud protection, a brand will erroneously believe that a legitimate install has occurred, and may pay the fraudster for that install (with CPI-based media) or credit that install to the fraudster (with CPC or CPM media buys). In either case, the fraudster stands to garner undeserved budget from the app marketing team.

Naturally, device emulation isn’t perpetrated on a onesy twosy basis. Rather, a bad actor will array large numbers of device emulators in an attempt to secure large amounts of marketer spend.

Detecting and Preventing Emulated Device Ad Fraud

The greed of fraudsters often acts as an avenue into ad fraud detection. For example:

Device emulators might send a set of click/install/launch signals associated with a large numbers of faked IDs, then send an uninstall signal and repeat the install reporting. Too many installs rapid fire from a set of IDs is a great indicator of ad fraud.

Device emulators might send signals that they have installed an app with a fake ID, then send another set of ad click/install/launch signals with a different faked ID. Too many installs from heretofore unknown device IDs is a strong indicator that emulated devices are being used in an attempt to defraud the brand.

One faked install on an emulated device would be very difficult to detect. But fraudsters perpetrate their crimes in volume to steal large amounts of revenue. That makes the patterns much easier to spot.

There are many other ways that we at SIngular identify likely device emulators, many of which rely on pattern recognition using similar principles as above.

The Singular Approach to Mitigating the Costs and Risks of Ad Fraud

Singular offers an industry-leading fraud solutions that you can learn more about right here. For a capsule summary of some of the steps we take to detect and prevent ad fraud for our clients, read on.

Singular believes that the best way to help clients address the ad fraud challenge is with a combination of ad fraud detection and prevention. By layering detection and prevention, brands can enjoy maximum protection with minimum time resources dedicated to the challenge.

We take a different approach than do some others in the space which focus primarily on detection. Many companies focus primarily on detection because it is easier, and puts the primary onus of protecting a business on the client. After all, it is often easier to detect fraud after it occurs than prevent it from occurring in the first place. By contrast, we focus the majority of our time and resources on prevention to simplify and streamline your anti-fraud resource investments and mitigate the need for restitution in many cases.

———–

Singular’s New Anti-Fraud Improvements
Learn about Singular’s new Enhanced Fraud Protections. See how working with Singular can help protect and defend your business.
————

Singular monitors all of the campaign and spend data into our app analytics platform, looking for signs of fraudulent activity such as illegitimate networks, fraudulent clicks, suspicious IP addresses, faked devices, mismatches in targeting, and more. We also see all sides of a user relationship — ad metrics, spend, and post-install engagement/purchases. That helps give us and our clients a broad view into all of the key KPIs marketers use to analyze their businesses.

Further, the scale of our client footprint means that you benefit from the signals we collect and interpret across many large app businesses.. Singular’s client base of many of the largest players in gaming, retail, travel, on demand services and other verticals gives us a massive data footprint to examine so that we can stay ahead of the curve and provide unprecedented levels of protections for our valued clients.

With this extraordinary visibility into a large portion of the mobile app industry, Singular can detect and create prevention regimens with extraordinary speed and thoroughness as fraud approaches emerge and evolve.

To learn more about our comprehensive approach to fraud prevention, click here.

Download The Singular Fraud Index to see The Industry’s Most Active Fraud Prevention Methods & The 20 Most Secure Mobile Ad Networks

Mobile Ad Fraud Tutorial Series: What is Deceptive App Advertising Fraud?

Mobile ad fraud is on the mind of virtually every app marketer. While estimates vary, few dispute the assertion that app fraud costs our industry hundreds of millions of dollars per year.

To help app marketers better understand and respond to app fraud, Singular has launched a series of app fraud tutorial posts.

This post continues that series, providing information on mobile app fraud types, how they can harm your business, and how to protect yourself from specific types of app fraud. Here we also provide a topline summary of how Singular protects its clients from various forms of app fraud, and how you can learn more about the Singular fraud protection difference. Today’s post is about deceptive advertising app fraud. Deceptive app advertising refers to situations where a bad actor media partner creates and delivers a false advertising message to drive up campaign performance metrics and capture the maximum amount of brand marketing investment spending.

———–
Download the Singular Fraud Index

Get your free copy here.
———–

Savvy marketers know that the ads for their install and remarketing campaigns need to showcase the utility of their offerings, but be truthful. Deceptive app ad fraud usually occurs when a marketing team contracts with an ad network that makes its own ads in support of the marketer’s objective. Sometimes that forewarn clients that they want to make special ads for their properties that they believe will perform better than client supplied creative. Other times, they don’t provide notification to the client at all.

Deceptive App Ads and Fraud

Deceptive app ads are designed to drive higher response rates that will improve campaign metrics for a network. Some examples of deceptive app install ads include:

Ads that are deliberatively designed to mimic app UI
Messages designed to look like alerts or warnings from the user’s device
Creative executions that appear to be government warnings or messages
Advertising benefits that are not actually delivered by the app
Ads that use trickery or adult images to drive extra clicks and installs
Ads that offer rewards for installs that are never actually delivered

As you can see, many of these tactics represent both a consumer fraud and a fraud scam against the business.

While deceptive app ads can result in more of the desired consumer action, like installs, they are usually developed and fielded without a review by the client. For example, the publisher of an anti-virus app might contract with a network to drive quality installs, only to learn later that they created their own ads for the app that erroneously implied that the user’s device was already infected and that the only way to solve the problem is to download the client’s app immediately.

The Quality Problem

Deceptive app ad practices drive lower quality installs — individuals that rarely or never use them, or who never make in-app purchases. Thus, deceptive advertising fraud significantly limits a brand’s efforts at attracting and retaining profitable users. In this way, every install or user action driven by deceptive advertising represents theft to your iOS or Android app business.

Protecting Your App Business From Deceptive App Advertising Fraud

Almost every fraud strategy, including deceptive ap advertising, results in a data anomaly, like seeing far more installs from one ad network than average.Because fraudsters are greedy, they often max out their use of a fraud strategy like deceptive advertising — their actions can thus be relatively easy to stop.

That said, you have to be looking for fraud to spot it. Because most app marketing teams struggle with the amount of data that pours into their organizations each day, it can sometimes be difficult to detect fraud before it has cost your business signifciantly.

In addition to data signals, it can also be useful to monitor your customer service feedback loop and any communities where your suers congregate. You will be amazed at how quickly people will report fraudulent mobile advertising and inform your team of problems. But again, you have to be listing to hear the messages.

Some app publishers are naturally concerned that deceptive ads might put their businesses at risk of consumer backlash, ANA fines, FTC actions, lawsuits and other legal claims, or other punitive actions. Frequent violations of deceptive ad practice policies can also get brands blacklisted — something no advertiser wants to see happen to their business. One step some brands take here is to require that any media source planning to make its own ads for your app submit the messages for approval before they are released. That won’t stop fraudsters intent of perpetrating bad trade practice– but can help you mitigate the risks of a well intentioned but overzealous ad network.

Singular and Mobile Ad Fraud Fraud

Deceptive app advertising is just one of the forms of fraud that Singular monitors and works to prevent for its clients. Singular offers an industry-leading fraud solutions that you can learn more about right here. For a capsule summary of some of the steps we take to detect and prevent fraud for our clients, read on.

———–

Singular’s New Anti-Fraud Improvements:
Learn about Singular’s new Enhanced Fraud Protections. See how working with Singular can help protect and defend your business.
————

As mentioned above, the greed of would-be fraudsters is often the best tool we have to thwart them. The more they leverage a specific tactic to steal your money, the more visible will be the patterns and performance anomalies. Since Singular collects, cleans, enhances, and associates ad performance, cost and revenue data in a single place, our platform offers enormous power as a fraud detection and prevention emchanism.

With Singular, app publishers have visibility into ad performance, media investment, and revenue data. That provides unique advantages in detecting and protecting clients from fraud. Our fraud detection and fraud prevention technologies are a mix of the best known techniques today as well unique proprietary techniques only we can offer.

Singular monitors the flow of data into our platform, looking for signs of fraudulent activity and fraud schemes. W constantly scrutimize client data for peculiar performance and data patterns from ad networks, IP addresses, devices, mismatches in targeting, and more.

Further, Singular verifies every in-app purchase (IAP) with the appropriate app store to ensure that you recognize revenue from every reported purchase. With full uninstall insights right in the platform, Singular helps you identify sources and campaigns with suspiciously high uninstall rates. These are just a few of the ways that Singular helps protect our clients from fraud.

Mobile Ad Fraud Detection and Mobile Ad Fraud Prevention – Why Both Matter

As more and more marketers focus time and resources on mobile ad fraud, it’s important to talk about the best mix of approaches to protect your business. Broadly, there are two different kinds of fraud actions marketers and their mobile advertising partners can take:

Fraud Detection Approaches: Fraud detection refers to technology and approaches designed to spot fraud and fraudulent activity in your data. Detection is about doing things after the fact of fraud.
Fraud Prevention Approaches: Fraud prevention refers to ways in which we stop fraud from occurring or impacting our data. Prevention is about doing things before the fact of fraud.

These two concepts entered consumer pop culture in the US over the past several months as identity theft and identity fraud companies poked fun at competitors that focused on one or another approach. Here’s an example of one such ad.

While this commercial above discounts the value of detection as part of one’s protection strategy, the reality is that both detection and prevention play a critical role in protecting an individual or a business from fraud. In the context of the app industry, both detection and prevention play critical roles in protecting your marketing investments. Let’s explore the role that each should play for you.

The Key Role of Ad Fraud Detection

App fraud can affect your business in a variety of ways:

It can rob your business of marketing investment
It reduces your revenue and ability to monetize your IP
It creates major inaccuracies in your data
It inhibits your ability to optimize based on performance

Ad fraud detection helps to mitigate some of these dangers by identifying suspect actions so that marketers see them and can follow up. By constantly examining your marketing data for anomalies, suspicious patterns, and potentially fraudulent installs, events and purchases, fraud detection helps you to identify risks to your business along with pinpointing specific results that should be questioned or disputed.

With detection, the key to being able to spot possible fraudulent activity is granular data. We learn about bad actors and fraud tactics through ad fraud detection. The challenge of fraud detection is that the advertiser learns about fraud after it has impacted your business. It’s a great discovery tool, but does nothing to protect the advertiser from fraud as it occurs.

Different advertisers have different approaches to iPhone and Android ad fraud detection. One Singular innovation, is the ability to set alerts that will notify you when data anomalies warrant your attention.

The Key Role of Ad Fraud Prevention

Enter fraud prevention. Prevention helps protect a business by blocking fraud from affecting your business, data and bottom line. Some examples of ad fraud prevention include:

Automatically blocking IP addresses known to be used by cloud computing services from submitting app install or purchase signals. Such IP addresses don’t represent mobile web traffic — ergo, we know signals from them are likely fraudulent.
Blocking fraudulent sub-publishers from claiming app installs or post-install revenue events.
Automatically flagging any traffic whose timing indicates click spamming or the like.

Marketers love prevention strategies because these stop fraud before it occurs. This is clearly preferable to having to demand refunds or other corrective action from partners. Prevention is thus great when a business is under assault from previously detected fraudsters and fraud methodologies/

That said, prevention is far less effective at protecting an advertiser from new, rare, or more advanced fraud tactics. That’s because prevention by definition presupposes that a platform has been set to spot and block actions. That requires foreknowledge. New types of signals and patterns are much harder to prevent from impacting an Android or iPhone app business.

A Symbiotic Relationship Between Detection and Prevention

When you get granular and examine detection and prevention as concepts, it’s easy to see why both play a role in a robust anti-fraud strategy. Prevention can provide a barrier against known fraudulent actors and approaches, while detection can help identify new risks while ensuring that you can take corrective action where necessary to ensure the veracity of your data and revenue figures. In turn, detection can spot new forms of fraud that can then be stopped with new prevention approaches, rules and tactics.

Singular’s Approach: Fraud Detection AND Prevention

Singular offers an industry-leading fraud solution that you can learn more about right here. For a capsule summary of some of the steps we take to detect and prevent fraud for our clients, read on.

Unlike some players in the attribution and analytics space, who focus on the easier and less costly detection side of anti-fraud, Singular combines detection and prevention in its antifraud offerings, with a robust emphasis on both approaches.

Singular monitors the flow of data into our platform, constantly evaluation all of the signals for signs of fraudulent activity such as illegitimate networks, IP addresses, devices, mismatches in targeting, and more.

In terms of purchase verification, Singular verifies every in-app purchase (IAP) with the appropriate app store to ensure that you recognize revenue from every reported purchase. With full uninstall insights right in the platform, Singular helps you identify sources and campaigns with suspiciously high uninstall rates. These are just a few of the ways that Singular helps protect our clients from fraud.

———–
Singular’s New Anti-Fraud Improvements
Learn about Singular’s new Enhanced Fraud Protections. See how working with Singular can help protect and defend your business. Click for details.
————

Another key fraud advantage for Singular is the scale of its client footprint. Singular’s client base of many of the largest players in gaming, retail, travel, on demand services and other verticals gives us a massive data footprint to examine so that we can stay ahead of the curve and provide unprecedented levels of protections for our valued clients. With this extraordinary visibility into a large portion of the mobile app industry, Singular can detect and create prevention regimens with extraordinary speed and thoroughness as fraud approaches emerge and evolve.

Singular’s outstanding visibility into BOTH the ad performance and spend sides of the install category gives us unique advantages in detecting and protecting clients from fraud. Our fraud detection and fraud prevention technologies are a mix of the best known techniques today as well unique proprietary techniques only we can offer.

———–
Download the Singular Fraud Index

SIngular has just released its 2017 Singular Fraud Index, which reveals the mobile industry’s Most Secure Ad Networks. The Index is the first study of its kind to examine ad fraud data collected from multiple ad fraud prevention solutions, each with its own set of proprietary detection methods. Drawing on this unique dataset, the study exposes the effectiveness of today’s most common anti-fraud mechanisms as well as the 25 ad networks driving the lowest rates of digital advertising fraud.

Get your free copy here.
———–

Ad Fraud Tutorial Series: What is Ad Fraud?

Definition: Ad fraud is the practice of deliberately attempting to drive ad impressions that have no potential of being seen by a real person. Digital ad fraud is a crime – it is deliberate, premeditated, and designed to rob advertisers of value for their advertising spend.

Digital Ad Fraud v. Bot Impressions

Much ad fraud is driven by bots – software designed to automate repetitive tasks online. Google, for example, uses bots to examine millions of pages and apps every day to understand what content they offer. They use this data so they can deliver the best possible results with their search engines.

Google bots are obviously not malicious. They are not designed to defraud advertisers, though it is possible that a Google bot can trigger an ad impression while doing its job.

Bot-driven ad fraud is different. These bots are deliberately developed to load ad views so that the criminal entity earns advertising dollars. So, impressions delivered to bots are not necessarily ad fraud. It is the malicious intent that makes some of them fraudulent.

How Digital Ad Fraud is Perpetrated

There are a multitude of ad fraud tactics, which include:

Bots that secretly take over consumer PCs and spawn pageviews unseen by the user.
Networks of hijacked computers (“botnets”) that fake consumer traffic.
Virtual machines that mimic consumer-used PCs and rapidly spawn thousands of pageviews.
Videos that automatically play but which are extremely small or even invisible on the page.
Software that emulates multiple clicks occurring every time a consumer makes a real click.

These are just a few of the methods used. Ad fraud, and fraud detection, is a continuing arms race, with each protection breakthrough spawning an innovative approach to perpetrating fraud.

How Prevalent is Ad Fraud?

All researchers who have studied ad fraud identify it as a significant amount of total web traffic. The Association of National Advertisers (ANA) and online fraud detection firm, White Ops, conducted one of the largest industry studies, in which data showed that 11% of display and 23% of video impressions were caused by bots and botnets. Another leading industry association, the Internet Advertising Bureau (IAB), stated that almost 36% of web traffic was fake.

———–

Download the Singular Fraud Index

Get your free copy here.

———–

Protecting Yourself

It is important to be vigilant as regards monitoring for signs of fraud. Here are a few strategies to help you do just that:

Anti-Fraud Tools: Some attribution and analytics suites offer tools to help advertisers identify and prevent fraud. SIngular, for example, automatically offers many protections. Such tools may use signals like IP addresses, click and install pattern detection, and fraudulent activity monitoring to pinpoint campaigns, partners and buying models that are driving fraudulent app installs.
Common Sense: A deal that sounds too good to be true is likely to result in low-quality app installs.
Focusing Resources on Trusted Partners: Large or niche vertical media companies are more likely to have the scale and resources to detect and prevent fraud. Further, properties like social networks can leverage user account information to help ensure that installs come from legitimate people.
Leveraging Retention and Uninstall Data: By comparing the set of user traffic attracted by different media companies, brands can learn a lot about user quality. Low user retention or high uninstall rates increasingly are seen as signals of possible fraudulent activity.
Use ROI Analytics as a Primary KPI:. Arguably, the best KPI to monitor and prevent fraud is ROI, or revenue divided by cost, as it is particularly difficult for fraudsters to simulate a sale, especially because most marketing analytics platforms — including Singular — verify in-app purchases with App Stores.

Singular and Ad Fraud

Singular offers an industry-leading fraud solutions that you can learn more about right here. For a capsule summary of some of the steps we take to detect and prevent fraud for our clients, read on.

At Singular, our unprecedented visibility into BOTH the ad performance and spend sides of the install category gives us unique advantages in detecting and protecting clients from fraud. Our fraud detection and fraud prevention technologies are a mix of the best known techniques today as well unique proprietary techniques only we can offer.

———–

Singular’s New Anti-Fraud Improvements

Learn about Singular’s new Enhanced Fraud Protections. See how working with Singular can help protect and defend your business. Click for details.

————

Singular monitors the flow of data into our platform, looking for signs of fraudulent activity such as illegitimate networks, IP addresses, devices, mismatches in targeting, and more. Further, Singular verifies every in-app purchase (IAP) with the appropriate app store to ensure that you recognize revenue from every reported purchase. With full uninstall insights right in the platform, Singular helps you identify sources and campaigns with suspiciously high uninstall rates. These are just a few of the ways that Singular helps protect our clients from fraud.

Singular enables data-oriented advertisers to connect, measure, and optimize siloed marketing data, giving them the most vital insights they need to drive ROI. The unified analytics platform tracks over $7 billion in digital marketing spend to revenue and lifetime value across industries including commerce, travel, gaming, entertainment and on-demand services.