mobile attribution Archives

Introducing the iOS 14 Resource Center: Everything you need to know to future-proof growth

Since the day Apple dropped their announcement regarding the deprecation of IDFA and the implementation of SKAdNetwork, we’ve all been at the edge of our seats trying to figure out what is next for mobile acquisition on iOS.

As mobile marketers, we face tremendous change and uncertainty, and to top it all off, we have NO idea when iOS 14.5 will actually be released.

What we do know is that having a day-1 strategy in place, understanding how your MMP is handling the situation, and learning as much as possible beforehand, will provide a significant competitive advantage in the post-IDFA world. While we can’t predict the exact date of iOS 14.5 (although according to Tim Cook it’s any day now), Singular is committed to making the transition to SKAdNetwork as seamless as possible.

Ever since Apple hinted at the death of IDFA back in March of 2019 with the release of the first SKAdNetwork beta, we’ve spent almost every waking hour focused on learning the intricacies of this brand new measurement framework. We’ve published a slew of blogs on how to test SKAdNetwork, how to uncover actionable analytics, breaking down developments from Apple, and insights into the readiness of the ecosystem. We’ve hosted webinars with top marketers and ad partners that discuss their SKAdNetwork solution, how to prepare for IDFA deprecation, and more. We’ve written guides on how to tackle marketing measurement in iOS 14 and how marketers are adapting their UA strategies. We’ve created the Mobile Attribution Privacy community to bring together industry players to ask questions, share insights, and ultimately collaborate on solving for the future of marketing measurement.

Why? Because we wanted to help the mobile ecosystem; from app developers, demand-side platforms, supply-side platforms, and even other MMPs with this transition, so we as an industry are as prepared as possible.

We’ve created Singular’s iOS Attribution Resource Center for exactly that purpose. We’ve rounded up all our important insights, how-tos, and thought leadership into one easily accessible resource center.

Along with the resources we’ve made available, Singular’s iOS 14 solution is the perfect recipe for continued success, despite the massive shifts our industry is undergoing… Singular’s SKAdNetwork Attribution and Analytics solution handles everything from postback collection to conversion value management to arm you with superior analytics to continue to best invest your ad dollars. And to ensure you have peace of mind and avoid disruption to your business, Singular is 100% compliant with app store policies.

So, what are you waiting for? Stop spending 7 hours a day Googling how to get ready for iOS 14 or trying to understand how to maximize insights with SKAdNetwork… All the answers are right here!

Welcome to mobile attribution’s first-ever recession: What you need now

What do modern marketers need from mobile attribution in 2020?

There’s not a lot of history to guide mobile marketers on what to do in a global pandemic and a worldwide recession. Mobile is now a massive part of our lives and our industry, but it’s still incredibly young: barely more than a decade old. The App Store wasn’t launched until 2008, and smartphones didn’t achieve 50% penetration until 2014. Mobile attribution itself is just eight or nine years old, and the mobile growth stack as a whole is a very recent invention.

That means mobile, mobile marketing, and mobile attribution have never gone through a major economic recession or depression.

It also means that we have few precedents to understand how they’ll react and that we don’t fully know how all this will impact modern marketers. The good news for mobile marketers is that COVID-19 has made mobile even more important for business, for connection, and for almost every other activity we engage in. That bodes well for mobile continuing to not just be a viable space, but doing well and possibly even growing, even if the wider economy shrinks.

The bad news is that if the quarantine and shutdown efforts shrink the wider economy enough, even a good news story will turn negative. Mobile can’t grow enough to stay in the black if the economy craters too hard.

Ultimately, like everything else in 2020, expect change.

What we’ve seen from mobile attribution

We know the historical impact. Singular customers have demonstrated the result that mobile attribution which unifies spend and return in a single platform can have.

One retail customer boosted sales 2X with attribution. Another boosted sales 72% with 24% less ad spend. A gaming customer doubled installs. Another saved 15-20 hours a week in data management. A delivery customer grew conversion rates almost 200%. The average customer that leverages Singular’s granular insights boosts conversions 2X.

All pre-Coronavirus.

All before the shutdown boost in app installs. Before working from home and a massive jump in gaming, retail, and social. And before we saw retention rates suffer from COVID-19 mobile trends.

What about now?

Mobile marketing: key challenges TODAY

Mobile marketing in general is hard. Mobile user acquisition at scale is one of the more challenging tasks in our modern economy.

That was true long before anyone ever heard about COVID-19 or there was an inkling of Coronavirus, a shutdown, or a virus-driven economic recession. In 2019, mobile marketers told us the key challenges in their jobs included managing scale, understanding cross-platform measurement and incrementality, unifying siloed data, fraud detection, and more.

None of those challenges magically disappeared in the last four months. But now we have a whole new set of problems to join them. Finances are tighter. Funding is less certain. Monetization is less dependable. All bets are off when hundreds of millions of people globally are out of work or locked into their homes.

In addition, post-Coronavirus, you’re probably getting fewer resources. You likely have less budget. You might have fewer people. And even if you’re in one of the categories that are way up, your CEO is worried about long-term financial stability and is therefore probably more risk-averse than ever before.

All of which is to say: for marketers, driving exponential marketing impact has never been more urgent or important.

And, most likely, it’s never been harder.

What you desperately need from mobile attribution now

It’s pretty simple, isn’t it? You need exactly what you needed before, but more.

And less.

You need the same boost in performance that got Home & Shopping a 73% increase in ROI on 24% less ad spend and a 15% decrease in cost per purchase. You need double the installs with 22% less cost. You need more automation and less busywork so you can save 15+ hours/week. You need 85% more growth with less time spent on marketing data management.

How?

Straight-up, it starts by being smarter than your competition. The best of them are marketing scientifically. They might be saving literally six figures monthly thanks to deterministic fraud prevention. They are probably using custom dimensions to tailor attribution and marketing analytics in real-time automatically to their specific vertical, business model, and company KPIs. They also use creative analytics to instantly tell which ads get the highest click-through rate and the best conversion rate across all their ad partners … without having to calculate a single parameter.

It is all about exposing opportunity and minimizing risk.

You need a fast and painless way to measure marketing activities at very granular levels in order to quickly identify top-performing channels and make optimizations. You need to reveal previously inaccessible insights on performance, so you can quickly shift budgets away from under-performing initiatives and optimize top-performing channels. You need to monitor marketing budgets across campaigns in real-time to effectively track performance to goals and avoid overspending.

Report: 7 things your mobile attribution doesn’t do (but should)

Right now, every last dollar has to count. Everything that can be optimized must be. And anything that can be automated needs to be. If you’re not using Singular to boost ROAS and manage spend, now’s the time to try. There’s a free option for SMBs, and there are amazing plans for enterprise and at-scale marketers.

Here’s what you need now more than ever (get the full report here):

Make marketing data simple

Automatic collection and combining of your most important datasets
No more tedious data transformation tasks
Marketing data that matches every time across all your ad partners
Unified upper-funnel campaign data with lower-funnel attribution data
Standardized and normalized data
Comprehensive ROI reporting at all dimensions
Accurate, timely and actionable insights
ETL to get your data wherever you need it, ready to go

Unlock granular and aggregate analytics

Pockets of profitable growth identified quickly
Less wasted spend
High-level snapshot of all your data at once
Ad creatives side-by-side with metrics
Creative clustering to automatically group similar ads across sets and partners
Holistic view of ad monetization
Better decisions about campaign performance and channels
Easier scaling of marketing efforts efficiently and intelligently

Customize data views automatically

Unique analytics for your unique KPIs
Easy custom grouping of data by dimensions that matter (to you)
Simple breakouts by geo and market
Automated custom reports
Business unit breakdowns
Funnel stage breakdowns
Custom metrics including aggregated metrics and calculated metrics
Custom events

Connect cross-platform web-mobile journeys

Unified cross-platform journeys
Connected spend/return on every dollar on every platform
Touchpoints for custom MTA models
Digital and non-digital platforms
Retargeting

Prevent fraud

Deterministic, not probabilistic fraud prevention
Proactive, not reactive days, weeks, or months later
Real-time
Transparent: you and ad partners get user-level decision logic
Built-in, no extra cost
Customizable, not hard-coded
Most powerful in the industry with documented savings for named clients in the six figures per month

Activate near-real-time segments

World-class audiences capability
Precision generation of specific audiences
Automated distribution of audience segments across all media sources
Regular and automated syncing of audiences
Highly customizable

Inspire trust

Used by top-10 global companies
Trusted by the best data-driven marketers on the planet
Used by top brands who are winning in their categories

For more details, get the full report or talk to us.

It’s about survival. And it’s about winning

Your category has a lot to say about your results right now. Gaming’s up. Retail’s up. Business services and social media are up right now too. But travel has challenges — with some recovery. And other categories are feeling the impact of COVID-19.

So you might be focused on just surviving right now.

Or you might be doing fairly well, all things considered, and focusing on beating the competition.

Either way, you need to simplify marketing data and rationalize different datasets from partners. You need clean data that’s standardized and collected for you to make your team more efficient, and to make testing new partners relatively easy and painless. You need to expose full funnel performance metrics that are custom to your business. You need to optimize each channel and each campaign, and shift budgets from poor performers to top performers.

Ultimately, that’s going to result in positioning yourself best in tough economic times, if they persist, as well as in recovery, as it continues.

Get the full report here!

Evaluating the true impact of web-to-app conversions

In this first article in a series on cross-device attribution, we describe why marketers should leverage the web as a meaningful acquisition channel, even with app-only products.

Introduction

Traditionally, mobile attribution providers have outright avoided the web. Or, they’ve offered limited solutions built with problematic assumptions and mobile-centric design that lack the technical depth to properly address the web as a meaningful acquisition platform—even for entirely mobile apps.

This is changing. As advertisers get smarter, tools get smarter, and vendors are looking to expand and provide better solutions as they continue to compete with each other in the busy SaaS MarTech space.

Interestingly enough, while the above is clearly relevant for products that contain both mobile and web—whether it’s mobile web or desktop—it’s also becoming more relevant for “pure” mobile apps that aim to acquire users through mobile search, web-based registration flows, and other web-focused acquisition strategies.

Why web?

Almost all user acquisition teams today end up running campaigns on the web. For products that support both mobile and web, running web ads that lead to your web-based product typically yield higher conversion rates, which then provide easier paths for having users download your app. However, even app-only products end up having ads showing on mobile web inventory, with links typically leading to app stores. This leads to poor conversion rates.

However, arguably the biggest missed opportunity by not running paid ads or other types of web campaigns is Search. Search is a great way for people to find your app or website. And, the ability to optimize your acquisition by understanding how different campaigns, keywords, and content work is vital to maximizing your budget.

Sadly, most mobile attribution providers are as their name suggests—focused on mobile. Solutions are very limited and lack the technical depth to support the variety of user flows between web and mobile.

Web-to-app tracking: just one use web/mobile case

Web-to-app tracking is a great use case to start with, as we begin to unfold the variety of user journeys between web and mobile. The term commonly refers to the situation where someone visits a web page while using their mobile device.

Perhaps this web page is the full-blown product. It could also be a simple landing page. In both cases, users see a link to install the app. Most often, this appears as a banner at the top or bottom of the page.

In most cases, marketers would rather let the user convert first, for example by making a purchase of the product they originally searched for. This would intuitively increase the chances of a user wanting to download a new app. In some cases such as mobile gaming, the user’s intent is higher (they’ve reached this page after their search), and direct download may be ok.

The first scenario of a user converting on the web requires the attribution provider to support web attribution. We’ll get back to this later.

Let’s focus on the second use case, where the user came in from Search or from a web ad, to then click a link and download the game. The important question we ask ourselves as marketers here is what do I know about this user? Which campaigns did they come from? Which ad groups or ad sets, and how much did I pay for them? What are the keywords that work better for me, and what terms result in higher click-through rates?

All of these questions are what a capable attribution provider should answer.

When tracking web-to-app conversions, the ideal report is one that allows you to focus on a specific channel, dive into each and every campaign, and understand what the campaign is yielding in terms of app installs, post-install conversions, and eCPI and eCPA for different components within the campaign or the campaign as a whole. This allows us to compare it to other paid campaigns and activities.

There are even more fundamental questions such as:

How should I create the right links?
What UTM parameters should I use and how?
Can I link a UTM parameter to an app install?

Unfortunately, traditional tools today lose this context and as a result, reporting options are either not showing any context previous to the web page visit, or a very limited one.

Fortunately, the solution needed to solve the problem isn’t that complex. But it does require an understanding of both web tracking—how partners work and what UTM parameters should contain—and mobile. And, most importantly, how to tie the two together.

What’s next?

In the following articles we’ll dive deeper into the mechanics of how web-to-app tracking works, as well as continue to more advanced topics such as web tracking and the Holy Grail—cross-device attribution.

If you’d like to learn more about Singular’s web-to-app and cross-device capabilities, please reach out to schedule a demo.

Fake security features in mobile attribution SDKs

I often hear about security questions our customers are asking regarding our mobile attribution SDK security. It usually comes up when companies are evaluating a new attribution provider, and either submit an RFP/RFI document or run their own checklists. What’s interesting is that nine times out of 10, the SDK security questions center around two topics:

Do you have an open/closed source SDK?
Do you have an SDK encryption mechanism?

These questions are natural—stakeholders want to make responsible decisions for their business. This is especially true in today’s world where the MMP is the source of truth, one that fraudsters are constantly trying to manipulate.

The problem is: these mechanisms, and some others, are over-hyped by other MMPs and not real security measures. They’re the absolute basics, like remembering to lock the door when you leave the office.

But they don’t offer any real protection. Instead, they provide a false sense of security.

In this article, I’ll explain a bit more about why SDK security is such a difficult problem, why the aforementioned mechanisms aren’t real security, and what Singular’s doing to continue to provide strong protection against fraud.

What’s so hard about securing the SDK?

SDKs are pieces of code that run inside a mobile app. Their main function is to collect and report data like app opens, user events, revenue, and metrics to a server (e.g., Singular’s servers). They also support some functionality like deep linking, fraud prevention, etc.

Since apps communicate with their servers over the internet, there’s an inherent challenge of verifying this communication is indeed originating from a real device and a real user.

As such, two of the most commonly used techniques for securing SDK communication are adding encryption and closing the source. The point is to make it hard to fake authentic communication, but it’s actually security through obscurity—which is a big “no no” in the world of security. As a result, advertisers have a false sense of safety and are easy pickings for fraudsters.

The best analogy is wax seals, used in the Middle Ages, to seal letters and authenticate the sender. Sadly, in today’s age, wax seals aren’t truly effective tools for security. Anyone motivated enough can find a way to produce perfectly similar wax seals, and fool the letter’s recipient into believing it’s an authentic communique.

SDK encryption

A standard play in the obfuscation game involves attempts to use encryption to “verify” that the data being sent by the SDK to the server is indeed authentic data.

Encryption algorithms rely on a secret key established between two parties. In our case that would be the SDK and the server. The encryption algorithm, combined with the secret key, enables you to create authenticated, encrypted messages.

While this sounds like a marvelous idea, there is one small flaw in this plan. The SDK that resides inside the app needs to know the secret itself. Most apps that we know, even the paid ones, are publicly available for download in the App Store / Play Store, which means that anybody can get ahold of the secret key. Not so secret anymore… is it?

The way to extract the key is quite simple:

Download the app binary (APK for Android, IPA for iPhone)
Depending on the platform, you may need to decrypt the binary with publicly available tools
Reverse engineer the binary and get the SDK encryption key

For skilled individuals—certainly ones who are financially motivated (fraudsters)—this can be done in seconds if it’s automated by software, or minutes if done by hand.

Does closed source matter?

Probably the best example of security through obscurity is the claim some vendors make about how their closed-source approach is “essential when fighting ad fraud,” while other vendors claim they “live by open source.”

Sadly, it’s all BS.

Since this is almost a religious matter for some people, I’ll avoid picking sides. Instead, I’ll simply explain why no option really provides security against faking SDK traffic:

Open source claims that by being open and transparent with your code, it’ll be easier to weed out bugs and to be audited. As such, you’re creating a more secure environment.

The obvious downside is that your entire security mechanism is open for all, and you can see how it works (i.e., you can see how someone generates their wax seal).
Closed source claims that by being closed and obfuscated with your code, it’ll be harder to find bugs and be audited, and as such you’re creating a more secure environment.

While it makes it difficult for people to understand how your security mechanism works, there are processes like reverse engineering that any semi-skilled fraudster could utilize that basically reveal something quite close to the original source code. Which means that if you try hard enough… you can still learn how the security mechanism works!

What you need to understand is that it’s all an obfuscation game, and it’s not real security.

How do we secure our mobile attribution SDKs?

First off, we do the basics. Closed-source SDK and SDK encryption are the basics, and we’ve done them since the first version of our SDK.

Second, we developed proprietary methods for iOS and Android that leverage a chain of trust. This chain helps enforce that devices communicating with our servers are real devices, owned by real people.

As the leader in enterprise fraud prevention, Singular is the only vendor with these capabilities. Using this technology, we’ve saved our customers from wasting hundreds of millions of dollars on fraudulent activities. This is not just us raising the bar, but making it virtually impossible to spoof our traffic.

If you’re unsure about your current security and want to talk to our fraud and security experts, come talk to us: fraud@singular.net.

What Singular is doing with the Mobile Attribution Privacy working group

Wondering what Apple’s new privacy enhancements mean for you?
Watch our on-demand webinar iOS 14 & IDFA Changes: What you need to know

Will we soon be living in a post-IDFA world? It’s hard to say, but there are some reasons to prepare for it, which is why Singular has established the Mobile Attribution Privacy working group.

In 2019 so far there have been over 1,000 privacy breaches exposing over 146 million records. That’s just one reason why privacy and data security are becoming increasingly important, both from a regulatory standpoint and a customer trust point of view.

As I shared with you a few months ago, Singular has already started making steps towards a more privacy-safe attribution model.

Recently, we met with representatives from companies including Lyft, AirBnB, Twitter, WB Games, Jam City, DraftKings, Oracle, Branch, Unity, the Mobile Marketing Association, LUMA Partners, and many others as part of a Mobile Attribution Privacy (MAP) working group. Our goal as advertisers and vendors: talk about options for measuring marketing while serving the privacy needs and desires of customers and users … even if the IDFA goes away.

Post-IDFA: what we talked about

In our first meeting, we talked about whether this was mobile and web, or mostly just mobile. The consensus: we’re going to keep this primarily focused on mobile attribution.

We also talked about Google advertising ID, and whether that should be part of the conversation. Though it seems that Google would be much less likely to abandon their primary identifier than Apple, we decided that we should look at global solutions for both Android and iOS.

One of the things we unanimously agreed on: we need to be focused on the needs of people: users and customers. If something doesn’t matter to users, it shouldn’t matter to us, and conversely, if it does, then it needs to be a core concern for marketers and marketing technology vendors.

This is one of those things that sounds simple but is actually complex.

For example, Apple cares first and foremost about their users, but to get these users to the iOS platform they need content providers to thrive and have an economic incentive to build for it. As one participant said: “People choose a phone based on where they can play Fortnite.”

And while big content creators could survive removal of device identifiers (by switching to something else – like an email address), many smaller ecosystem players would struggle to survive, as this will greatly deteriorate people’s ability to know who their users are and where they came from.

Broadening the conversation

Two interesting ideas that have legs came up. And they’re both ways to broaden the conversation.

One is to bring this discussion to the IAB, the Interactive Advertising Bureau, and perhaps create a working group focused on Mobile Identifiers. The IAB, after all, is dealing with other privacy-related topics. Another is to view this area as an extension to the GDPR and CCPA (California Consumer Privacy Act) legislation. Both are valid suggestions, and we’ll be looking into both options.

And finally, we spoke about multiple device identifier options:

Auto-rotating (short-lived) IDFAs
If the IDFA auto-rotated, say weekly or monthly, Apple would limit how long you can track any particular user. This should permit proper advertising attribution. One question yet to answer: can an app developer stitch the rotating IDFAs together as long as the user is active within their app? Some would consider that app activity as a “meaningful relationship” which may permit doing so; others might consider it a violation of privacy.
Google Play Referrer equivalent
Google has an excellent mechanism for passing referrer context into Google Play that the app can then query upon installation. Again, this would enable attribution. The obvious problem here is that enabling this type of link tracking makes it impossible to prevent vendors from appending a device ID, click ID, or other form of identification that could be connected to a specific person.
SKAdNetwork
This is somewhat of a similar concept: you pass info to the App Store, but it’s not exposed to the installed app. The data is controlled by the operating system, and the amount of data you can pass along is greatly limited. In its current form this feels immature, but that could change with serious interest from major players.

And the conversation continues

Ultimately, we’re going to continue the conversation. We’re also going to broaden it to new players, and we invite anyone who is an interested party to be part of the next meeting of the Mobile Attribution Privacy group, either in person or via videoconferencing.

If you’d like to be part of the Mobile Attribution Privacy (MAP) Coalition, please join us in the MAP Slack group. There, you’ll be able to connect with other industry folks who are working to move the digital marketing community forward in this new, more privacy-safe world.

Advertising attribution + security + privacy: built-in by design

Every day, we’re bombarded with stories about data breaches, successful hacks, and privacy violations. The world of advertising attribution is not immune to any of those.

Just in 2019, there have been 63 breaches exposing 100 million records in the fintech sector alone, according to the Identity Theft Center. Plus 363 in the medical field and 59 in government/military. Add in all the other sectors, and there have been over 1,000 breaches exposing data on over 146 million records … just this year.

Short version: the problem is real.

So the question is: What is Singular doing about security and privacy? And, how are we enabling both while still providing best-in-class marketing analytics and mobile attribution?

Securing and advertising attribution

Every attribution provider has to maintain a critical set of design principles and methodologies for building, testing and auditing every single part of their platform to maximize data security, and that’s exactly what Singular has done.

It’s true: there is no silver bullet in security.

But prioritizing security when building products, together with comprehensive security knowledge and organization-wide awareness will minimize the chances for a breach.

Serving the world’s top advertisers, and with our engineering team composed of cyber security veterans, we are more than equipped to secure your most sensitive data. To date, Singular has never had a security breach.

That’s good news, but we’re not resting on our laurels.

In fact, under GDPR regulations, attribution providers now have the regulatory requirement to report on any security incident within 72 hours from the time of breach.

Authentication is also of vital importance: your attribution provider must support two-factor authentication, single-sign on, and strong passwords to ensure your marketing data stays private.

Audits and pen testing

Security experts agree that periodic audits and penetration testing by respectable parties is another great tool to evaluate how secure your provider is with handling your data.

You have the right to see these proofs, and an honest vendor will be happy to show them to you. (So yes, you can ask us!)

Advertising attribution and privacy

Privacy, although often coupled with security, is a requirement on its own. It may not be something that most people think about when they think of an advertising attribution provider, but it is something we think about at Singular.

There are a number of important factors to consider around privacy:

Regulatory compliance:
Everyone says they comply, but Singular goes the extra mile. We comply with GDPR, CCPA, COPPA, and other standards. And we enable privacy-related requests such as Right of Erasure and Right of Access programmatically through a set of API endpoints. That’s scalable privacy.

Respecting your users privacy is critical
You need to protect your users’ privacy at all costs. That includes SDK-based methods to cease tracking for under-age users or users who did not consent. It also includes never, ever mixing one customer’s user data with another customer’s dataset.

Hint: if your attribution provider is touting people-based attribution as a core feature, you might want to ensure that no generally-available device or user graph is being enriched at your expense. And, maybe more importantly, your users’ expense.

And, respecting your users’ privacy means working on methods of accurately attributing marketing results and advertising impact even if device IDs like the IDFA go away.

How Singular’s mobile attribution is saving app developers up to $500,000/month

Mobile attribution is a commodity, right? You can get it from anyone, correct?

Well, sure, if you don’t want elite-level marketing success. And, if you don’t mind paying fraudsters to funnel all your ad dollars into Lambos, vacations on the French Riviera, and sipping pina coladas on the beach.

That’s become incredibly clear in the last few weeks since Singular added deterministic android install validation to our Fraud Prevention suite. Fraud prevention is included, for free, in Singular’s mobile attribution solution.

Findings from the 2019 mobile attribution fraud prevention report

One product release, 3 fraud-fighting solutions

The recent product update actually included significant updates to two additional fraud-fighting technologies: Android Organic Poaching Prevention and Android Click Injection Prevention. Android Organic Poaching Prevention stops fraudsters from claiming credit for app installs that are normal, natural user behavior. Android Click Injection Prevention stops fraudsters from claiming credit for installs that other ad networks drove.

Customers and app developers are saying that collectively, this is having a huge impact:

“Singular’s new progressive anti-fraud solution detected more ad fraud than competing solutions,” says Ronak Jain, Mobile Marketing Manager at Cleartrip, the top travel technology platform for emerging markets. “This is a game-changer and will play a key role in making growth decisions.”

Some clients are saving more than $100,000 a week with the solution. Other app developers discovered that more than 90% of the app installs they had been paying for from a particular network were fake.

Another client in an on-demand services industry discovered that almost 50% of their paid installs suffered from mobile attribution manipulation. The wrong ad partner was getting paid … showing that fraud cheats ethical ad networks as well as advertisers.

Getting that clarity — and then being able to kill the fraud — returns app marketing to where it should have been all along: advertisers maximizing their hard-earned ad dollars to drive growth.

“Singular’s new fraud-fighting technology helps our User Acquisition team focus on legitimate campaigns and significantly boost return on ad spend,” says John Parides, Senior Director of User Acquisition at Glu, maker of the iconic Deer Hunter as well as Kim Kardashian: Hollywood.

But how does this work? What’s the philosophy behind Singular’s mobile attribution fraud prevention?

App developers: 4 key fraud prevention principles

It’s easy to say that you fight ad fraud, or catch mobile fraud. It’s another thing to do it effectively.

Singular’s cyber security team is constantly monitoring anomalies and abnormal behavior, checking a wide array of signals. Once we find something that is abnormal, we dig deep to find the root cause and find a deterministic way to fight that fraud methodology. Essentially, what we’re doing is emulating the way fraudsters think and then reverse engineering their schemes.

Here are the four key principles behind Singular’s Fraud Prevention product.

Deterministic
Singular strives to have no false positives. We want to clearly identify fraud at a granular level. So Singular’s fraud results apply to actual individual installs, devices, and users, not blanket-level sources or publishers.

Proactive
Finding fraud after it has already occurred is too late. Advertisers have already paid for traffic or users or customers, and then they’ll have to engage in time-consuming and difficult cost reconciliation conversations with partners.

A potentially bigger problem when you let fake users in: marketers get fraudulent engagement and purchase data along with the fake users, muddying your analytics and making it hard to decide where to re-invest. And even worse, legitimate ad networks’ algorithms can adapt to the fraud in real time, de-prioritizing campaigns and sources that are actually working because they are getting fewer installs attributed, thanks to theft by the fraudsters.

So it is absolutely critical to eliminate fake installs BEFORE attribution.

Transparent
Both advertisers and ad networks need to know what constitutes fraud, and they need transparent reasons why traffic, installs, or other activity has been classified as fraud. So Singular provides user-level decision logic for every single install, click, and impression.

Customizable
No marketer wants fraud. But marketers do want to personalize their fraud prevention strategies and define how aggressive they want to be. A marketer using largely self-attributing networks like Facebook, Google, Apple, Snap, and Twitter prefers a different strategy to one who is using many different niche ad networks, for example.

So Singular lets customers decide both the fraud rules they’ll use and what actions they’ll take upon finding suspicious activity.

Then, add scale

At Singular, we’re applying that philosophy while also harnessing the power of big data: analyzing more signals in higher volume. In June 2019 alone, Singular measured 70 billion ad impressions, almost 11 billion clicks, almost 6 billion app installs, and almost $350 million in ad spend.

And it’s not just big data. We’re also digging deeper, analyzing detailed signals from individual impressions, clicks, and app installs at greater depth to uncover suspicious activity.

That volume — and depth — are just two of the reasons Singular was recently able to unveil three new fraud-fighting technologies that collectively have become part of our already industry-leading Singular Fraud Prevention suite.

Get all the mobile attribution fraud prevention details

We compiled a data-driven report on the results our beta-test clients got when they used Singular’s latest Fraud Prevention suite.

Check out what they found by getting The Death of Install Fraud on Android for yourself.

Fixing a $13B problem: How Singular is killing app install fraud

You probably saw the news that we released last week: deterministic Android app install validation. This, along with a number of other improvements we’ve recently made, is a massive industry breakthrough that is completely game-changing for many of our clients.

Some of them are now saving massive amounts of money:

“Singular’s updated Fraud Prevention suite is the most powerful mobile app install fraud prevention I’ve seen,” says Channy Lim, Head of BI Department at Com2uS, maker of the hit mobile game Summoners War. “This will save us literally hundreds of thousands of dollars every month, and lead us to make more effective marketing decisions.”

The news is exciting, but I wanted to dive a little deeper.

I would like to share a little more detail about how app install fraud works, the problems with existing methods of finding it, and what we doing differently at Singular.

How app install fraud works

One of the ways fraudsters steal billions of advertisers’ dollars annually is app install fraud. Or, to put it another way: fake installs.

App install fraud is a collection of fraud methods that create fake mobile users and app installs. As opposed to attribution manipulation fraud, which steals credit for existing legitimate app installs, app install fraudsters take matters into their own hands and create app installs out of thin air.

There are multiple ways to perform fake installs fraud, and naturally, some are better than others.

The simplest and most low-tech way is a device farm. You get a bunch of devices, click a lot of tracking links, install a lot of apps, then open them, delete them, and reset each device’s Advertising ID (Android) or IDFA (iOS). Rinse and repeat regularly, and you’re collecting ad dollars.

But there are far more complex and advanced ways to perform fake installs that generate a lot more money far quicker.

One of the other ways fraudsters scale up their device farm operation is to use emulators and bots instead of real devices and real human beings who use the devices. This can be done in the cloud, and potentially on multiple servers in multiple locations, to try to look authentic.

One of the most notable techniques leveraged by smarter fraudsters is SDK spoofing.

Mobile marketers place software (an SDK) from a Mobile Measurement Partner (MMP) in their apps to monitor and measure the results of their marketing. In SDK spoofing, no app is ever actually installed … but an install is being reported to the MMP and potentially other analytics providers by faking the SDK’s traffic. This can be done by technically advanced fraudsters who understand how communication with the measurement service works and how to emulate that communication.

This is far more scalable than running a device farm, because once they have done the initial work, they can create a script to run on servers around the globe. That creates fake installs on fake devices. Alternatively, they can write code that can run on legitimate users’ devices anywhere, reporting installations of apps that have never been installed: fake installs on real devices.

Another example comes in the form of malware, where malicious apps install and run legitimate apps on real users’ devices. This happened for example with the Viking Horde malware. In such cases the user is real and the app is real but the install itself is fraudulent.

As fraudsters become more advanced they tap more and more into the power of the high-tech fake install techniques, and for good reasons. These attacks are highly scalable and hard to find, therefore netting the fraudsters huge amounts of money.

Detecting and preventing fake installs is hard

There are multiple ways to detect fake installs. The problem is that many are unreliable, inaccurate, and most importantly, ineffective.

SDK Message Hashing
Since SDK spoofing aims to fake an MMP’s SDK traffic, MMPs (including Singular) protect each message sent from the SDK. That’s typically done via hashing: taking the data from the message, a secret key that is different for each app, and combining them to create a blob of data that can be verified on the MMP’s backend.

The problem is that the secret is not so secret, as apps that run on users’ devices can create these hashes, so SDK fraudsters can extract the secret and algorithm from the publicly available app binary. At times they don’t even need to reverse engineer the algorithm since the SDK is open source.

Abnormal numbers of new devices
One interesting statistical technique to fight fake install fraud is to look for a high percentage of brand-new or never-before-seen devices coming from specific ad networks or publishers. When you see abnormally high ratios, it’s generally clear that something fishy is happening.

The problem however, is that fraudsters sometimes leverage existing devices or mingle their fake traffic with traffic from real devices, making it harder to spot anomalies.

Abnormal retention rate or other KPIs
Marketers can sometimes identify fraud by seeing abnormal rates of retention, in-app purchases, or other KPIs. For example, if your average retention is 15% on D14, but installs from a particular campaign, publisher, or network show a 1% retention rate, it’s clear that there’s something that deserves further investigation.

But Singular research shows that fraudsters have learned to fake retention and post install events/purchases.

For example, Singular uncovered a case of extremely sophisticated SDK spoofing campaign on iOS that fools most fraud prevention solutions in the industry. The fraudsters not only generated seemingly legitimate app installs but they also continued to send post-install events, in essence faking real users’ activity. They have even tried reporting in-app purchases, and while doing so reported revenue receipts for these fake purchases.

Sensor data and user behavioral analysis
Sensor data based solutions take post-install fake user detection one step further. These solutions try to detect abnormal devices or users by looking at non-marketing data points such as device movements (via a smartphone’s accelerometer and/or gyroscope), battery data, and user-screen interaction.

How?

Simple: sensor data for real devices should look different than simulators that don’t move.

The challenge is that this can be faked as well as shown in the huge “We Purchase Apps” scandal revealed in October 2018. In this massive ad fraud campaign, the perpetrators bought real apps, studied the usage patterns of their real users, and then created fake users coming from those same apps.

One of the biggest targets of this campaign was none other than Google itself, the company who has probably put the most effort into profiling real user activities and protecting advertisers from fake user emulation.

And more …
There are multiple other methods, each of which has its strengths and weaknesses.

The problem with post-install fraud determination

While post-install methods do an important job of raising the bar against fraud they have some inherent caveats that stop them from being effective fraud prevention tools.

1: Statistical (in)significance
Post-install methods are statistical tools that work by looking at groups of installs and checking if one or more of these groups exhibit anomalous activities. Usually these groups would be installs coming from the same publisher. For example, when looking for new devices it’s unsurprising to see a legitimate user with a new device, as new devices are constantly being sold to consumers.

However, for a publisher driving thousands of installs, seeing 95% of those installs from new devices should be highly suspicious. Fraudsters have figured out that they can’t be so blatant, and so they take action and hide. Some drive their traffic from many different publisher IDs and even networks to keep numbers low; some mix their fraudulent installs with legitimate installs to make the anomaly less apparent.

Utilizing such techniques allows fraudsters to avoid detection by making the anomalies statistically less significant, making it a lot harder to distinguish legitimates traffic from fake traffic and so making it harder to stop the fraudulent activities without incurring high false positives.

2) Post postback friction
As the name suggests, post install methods only come into effect after an install has happened, and might be processed days or weeks after the install. That also means that they are evaluated after an install postback is sent to the media source, which means after conversion and billing notification in CPI campaigns.

The result is that the media source will charge for the now-known-to-be fraudulent conversion … unless a process of reconciliation is done. This process is often manual, messy, and a cause of great friction between ad networks and advertisers.

3) Non-optimized optimization
Ad networks often perform real-time optimizations based on initial success analytics: evidence of conversions such as app installs. Now, however, those optimizations will be skewed by fraudulent activities.

In effect, having been rewarded by fraud, they will now optimize for MORE fraud.

As an example, if publisher A drives more installs than publisher B for some advertisers, the network might prefer to prioritize publisher A over publisher B and send more ads its way. Now imagine publisher A is actually driving fake installs which are not prevented in real time (as happens in post-install detection). The network will funnel more budget to A over B.

Even if those fraudulent installs are detected post-install and reimbursed, the damage has already been done and goals will not be met because of the optimization changes and budget shift.

Singular’s solution: deterministic pre-attribution fraud decisions

Singular strives to have no false positives. We want to clearly identify fraud at a granular level. So Singular’s fraud results apply to actual individual installs, devices, and users, not blanket-level sources or publishers (although we can – and do – block those too).

We also want to find fraud as conversions or installs happen.

Anything less will suffer from the problems outlined above.

When we took time out earlier this year to consider everything, it was clear that we needed a different approach here. We needed something that would work in real time — install-time — and have an extremely low false-positive rate while still maintaining effectiveness.

To meet these requirements, we decided to disregard everything we thought we knew about ad fraud and look for something new. As we reported publicly last week, after an exhaustive search we found what we believed would be a high-quality deterministic fake install detection method that works at install time.

The new method we discovered depends on signals from the install device that allow us to verify that a user exists, they truly installed the app from the store, and they haven’t installed the app an unreasonable number of times (sorry-not-sorry, fraudsters who “install” an app on a phone hundreds or thousands of times).

Of course, once we found this method, we knew we needed to validate that it works as expected at scale, in the real world, on thousands of ad networks. To do so we tested with some of the most successful mobile publishers on the planet. And we validated our results against post-install metrics.

The actual implementation of our new fraud prevention method proved to have a tremendous effect on some of our customers, eliminating their fake install problem. (Find more about it in our report.)

In a later blog post we will share some more details about our findings, but it’s safe to say that we were blown away by the scale of the fraudulent activity we’ve found, and as more and more customers utilize the feature, the numbers are only going to grow.

Interested in learning more? Schedule a demo to go even deeper.

The problem you don’t know you have: your attribution provider is outdated

It’s mind-boggling to think that the world of apps dawned on us back in 2008 thanks to Steve Jobs’ extraordinary visionary ability. It’s even more mind-boggling that for many providers, the state of the art in measuring app installs — mobile app attribution — hasn’t progressed much since then.

The universe of apps, ads, networks, and platforms born over a decade ago continues to expand, showing no sign of slowing down. The industry keeps innovating to find new areas and markets to break into, new formats that hook users in enticing new ways, and increasingly now, new ways of protecting consumer privacy.

But one critical area of the mobile ecosystem that should be inherently leading edge has resisted evolution: the mobile attribution provider.

In 2019, the traditional MMP is arguably still fit for purpose. At least, in the same way, a mobile phone from 10 years ago still works.

Yes, you can make calls and send the odd text (remember T9 texting!). But to settle for a decade-old experience is to ignore that most messaging now occurs on social apps that can also facilitate calls on WiFi — video calls at that, with your 12-megapixel camera!

Mobile attribution is no different.

In the early days of mobile attribution, counting installs accurately and attributing the right source was all that was necessary for user acquisition managers to run their campaigns well. But fast forward to today and the ecosystem and sophistication of acquiring users has increased exponentially (as have the fraudsters) while traditional MMPs still shout about passively counting installs like they were sheep.

The problem with your provider just counting installs

Part of the issue is that many advertisers accept this basic offering as if it were gospel.

They might be looking for that mobile measurement partner badge and some anti-fraud capabilities, so the majority typically choose one of the traditional providers or a more cost-friendly option and then start adding on top of that.

Not a horrible strategy, but it doesn’t take you anywhere close to a 21st-century world-class tech stack.

It all comes down to uncovering your true return on investment and for this, you need to go beyond the attribution provider who just counts installs. You need to know what you’ve spent (and where! and how! and with what creative! and when you changed bids!) and the bad news is … they are not very good at telling you that.

Counting backward from installs to cost just isn’t very accurate. Plus it throws away critical data that you need for optimization. And buying a solution for cost separately leaves your BI engineers trying to stitch the two data sets together to give your marketing team some idea of the outcomes of their campaigns.

But all of this is an exercise in trying to make a square peg fit a round hole: you get a load of user-level data from your measurement partners and a shipment of aggregate data from your cost solution. These two elements don’t play together very nicely, failing to provide the insight that you need to execute and optimize your campaigns properly.

To make matters worse (yes, it gets worse!) the Adjusts and Appsflyers of the world lack what should be the very bare basics of reporting.

For instance, want to compare how different apps perform in the US on one screen or how different networks perform in Germany? You may not be able to with some of these players. Need to see your post-install metrics side by side with your campaign data? Hmm, that may not be possible either.

The list goes on and these shortcomings have fallen on the advertiser’s teams for far too long and they’re not something you should aim to solve yourself.

The problem with trying to address their shortcomings yourself

You might be thinking right now, as inconvenient as the above sounds, the task is not beyond your capable engineers.

You are correct.

At Singular, we see many examples of BI teams coming up with systems that account for the limitations of their tracking provider and aggregate cost data to surface ROI at the deepest levels they can. But if you are seeing growth across your organization or if you’re aiming to ramp up quickly, you’ll find this approach is not scalable. Pulling in increasingly larger sets of data from your attribution provider and cost solution vendor and then querying your own data systems means slow download times, crashing systems and gaps in your data.

(Never mind all the work to keep updating for new APIs and processes, endpoints and schema changes.)

This is not a winning tech stack. Not only are your BI team are tied up in the stitching together of data, your UA team only has limited data which is slow to update to do their optimizations. At first, this delay in optimizing and what appears a marginal loss in optimization quality due to limited granularity may not seem significant enough for you to rebuild your tech stack. It’s a hassle, and little gains may not seem worth it.

But if your competitor runs on the same network as you and optimizes 2% more efficiently and 5% faster (and many of them are) … multiply that by the numerous optimizations you do every week over months and it soon adds up to sizeable and steadily increasing disadvantage.

The answer to all your marketing data problems

You don’t have to be a massive organization to feel the pain of a fragmented marketing stack and the effect it has on your ability to execute stellar marketing campaigns.

For every successful start-up out there that figures it out, there are 20 that struggle. The marketing landscape is fierce and to have the best chance of establishing yourself as a serious player, you must equip yourself with the right tools that will give you the edge right from the get-go.

This means that a provider that just counts installs has no place in your top-notch tech stack and you should ask for more. Much more.

At Singular, a marketing intelligence platform, we understand how important this is. That’s why we’ve made it our mission to unify marketing data to enable our customers to get the insights from the most top-line cross-channel view to the deepest levels of granularity.

Our reporting reigns supreme not only in granularity but flexibility too.

If you cannot see your Facebook and Vungle data side by side and compare it like for like, and within minutes drill down to the ROI and retention of a specific creative across those two (or more) networks — we have customers who can.

And it makes a difference.

You’ll find in our suite custom dimensions and unlimited filter options that let you slice and dice data in a way that is meaningful to you and makes sense of the wilderness that is the mobile ecosystem. Even small companies without a BI team that utilize Singular’s full-stack have access to better, cleaner data and more advanced reporting insights than some of the largest players out there,

The age of the attribution provider is over.

The time of the marketing intelligence platform is here.

Personalizing your fraud prevention strategy with Singular’s custom fraud rules

Mobile ad fraud is an ever-growing threat to marketers, with fraudsters continuously evolving attack techniques. The exact figures for how much ad fraud costs marketers is highly debated, but eMarketer’s Digital Ad Fraud 2019 states that the estimated impact ranges from $6.5 – $19 billion annually.

To navigate this complex problem and effectively prevent ad fraud, marketers need to have an understanding of the techniques used by fraudsters and employ an always-on fraud prevention strategy that proactively rejects fraud. Otherwise, ad fraud can be detrimental to marketers in two key ways: one is the wasted ad dollars on installs that are either fake or hijacked, and the other is dirty data that is inaccurately skewed towards fraudulent networks instead of high-value networks or organic traffic.

Fraud prevention that adapts and reacts

Singular’s industry-leading Mobile ad Fraud Prevention Suite is built and maintained by a highly skilled set of scientists that are dedicated to staying one step ahead of ad fraudsters and their attack methods. The Fraud Prevention Suite provides a proactive approach to detecting and combating ad fraud at scale.

Singular’s fraud prevention dashboard

With Singular’s rules-based fraud prevention, marketers can automatically apply deterministic rules in real-time to block installs before they are attributed to a fraudulent ad partner, or flag activity that is suspicious for further investigation. Automatic fraud rejection gives marketers peace of mind from knowing their ad dollars are always protected and eliminates the need to spend time reconciling ad network invoices.

Singular’s Fraud Prevention Suite not only comes pre-packaged with industry-leading Fraud Prevention Rules but also offers marketers the flexibility to define their own rules, what we call Custom Fraud Rules.

Personalizing with Custom Fraud Rules

With Singular’s Custom Fraud Rules, marketers can personalize their fraud prevention strategy to meet their brand or apps unique needs. For example, they may want to have a more aggressive approach to combating fraud if they’re advertising in markets that are more susceptible to ad fraud, or even if they’re testing new networks, each with varying levels of fraud.

Marketers can create Custom Fraud Rules by defining the conditions and rules that trigger automatic rejection of attributions or flagging of suspicious activity. The flexible rule builder allows the marketer to define multiple conditions that need to be set for the rule to trigger on a touchpoint, enabling them to implement a variety of personalized fraud-fighting rules.

Some examples of Custom Fraud Rules marketers have implemented include:

Publisher Blacklisting
Select specific sites to blacklist from your campaigns. While you will also want to confirm your site blacklists directly with your partner, this rule gives you the power to reject traffic that comes from unreliable or underperforming sites.
Fingerprinted Traffic Whitelist
Define and whitelist traffic sources that are trusted enough to send fingerprinted installs. Automatically reject or flag fingerprinted installs from install sources that are less reliable.
Block Unauthorized Store Installs
Most Android apps are only published on the official Google Play Store. Automatically reject Android installs that came from an unauthorized store.

The flexibility of the Fraud Prevention Suite also allows you to add additional fraud checkpoints. These rules take known characteristics of your apps and campaigns, and allow you to quickly filter out traffic that doesn’t meet your standards.

Country Mismatch
Use this rule to automatically reject or flag installs that take place in a country that your campaigns are not targeting.
App Version
As you update your app version, it becomes impossible for new users to click and install deprecated versions. Fraudsters can struggle to update their attack to include the newest app version from the traffic they send, so blocking deprecated app versions can eliminate a source of fraud.
Time-to-install
When the amount of time between an ad click and the resulting install is unusually small, it can be a sign that the install was hijacked by fraudsters. Similarly, when the time between a click and an install is too long, click spamming might be taking place. Set a custom time-to-install threshold based on the size and usage of your app to automatically reject or flag installs with unrealistically short or long install times.

Savvy marketers from top brands are already taking advantage of this personalized approach to fraud protection, which is paying off in significant cost savings.

Recently, a leading e-commerce app in the APAC region implemented a rule to prevent non-approved publishers and sites from sending fingerprinted traffic. After implementing the rule, 16% of the traffic sent from these sources was automatically flagged and rejected.

Another client, a global giant of gaming, set their iOS receipt validation rule on. When testing a new source, they found that 100% of the 11,000 installs were flagged and rejected for fraud. An additional benefit: no make-good negotiation was required … since the fraud prevention did not allow these installs to be attributed!

When fraud strikes, the marketers that leverage Singular’s Fraud Prevention strike back with high-tech fraud detection and prevention. But this is just the beginning. We’re dedicated to further innovating our Fraud Prevention to keep up with the changing face of ad fraud.

Want to see how much you could be saving with next-level fraud prevention?Reach out to your Customer Success Manager for a complimentary fraud audit.