The different faces of mobile ad fraud
Ad fraud is when an individual or group attempts to defraud advertisers, publishers or supply partners by exploiting advertising technology, with the objective of stealing from advertising budgets. It is particularly challenging for marketers to deal with because it comes in many forms and can evolve to bypass the latest prevention methods.
Today, there are two forms of fraud in particular that app marketers are grappling with: Fake Users and Attribution Manipulation.
Fake Users
Fraudsters use bots, malware and install farms to emulate clicks, installs, and in-app events, causing advertisers to pay for activity that was not performed by a real user.
Fake User fraud is most commonly perpetrated via:
Install farms, which consist of humans who are paid to manually install and engage with apps across a large number of devices.
Mobile device emulators that simulate a large number of unique device IDs used in fake installs.
Data centers that host scripts to generate fake installs and other types of events at massive scale.
Proxy servers that are used to reset IP addresses and spoof device-level information (like location, to emulate installs in other countries).
Attribution Manipulation
Fraudsters steal credit for installs by sending fraudulent clicks. Attribution systems record those clicks as the last engagement prior to the first time an app is opened, which assigns credit to the fraudulent source and removes credit from the app’s organic or paid sources.
Attribution manipulation is a particularly harmful form of fraud because it not only costs marketers their spend, but it also corrupts performance data, causing marketers to make misguided acquisition decisions.
For example, the damage inflicted by a fraudulent source poaching organic users is twofold: it reduces the number of organic users in a marketer’s analytics, and it reduces the perceived impact of organic user traffic on revenue growth. This can cause organizations to shift marketing away from efforts that target organic acquisition, such as ASO or content marketing. Additionally, it can lead a marketer to invest more money in the fraudulent source, thereby diverting spend away from high-performing channels that drive legitimate traffic.
Attribution Manipulation is most commonly perpetrated via:
Click Injection
This occurs when fraudsters create apps that are legitimately downloaded by a user but, unbeknownst to the user, monitor the user’s device for installs and insert fake clicks before an app is first opened.
Click Spamming
This occurs when fraudsters send large numbers of fraudulent click reports with real device IDs in an attempt to poach organic users by delivering the last engagement prior to an install. Because attribution windows are typically limited to finite time periods, fraudsters often re-send fraudulent click reports in order to keep their clicks as the last engagements within the attribution window.
While click injection is focused on sending clicks at the moment immediately before an app is first opened, click spamming is focused on sending clicks that contain a unique device ID in the hope that an ID matches that of an organic user who subsequently downloads the app. Compared to click spamming, click injection is a more sophisticated form of fraud that is easier for fraudsters to control and to hide. Because click injection receives signals that an app has been installed directly from a user’s device, click injection attacks are more targeted and therefore deliver better results for fraudsters.
Thankfully, there are indicators that detect such scenarios. Since click injection generates a click after installation is complete, it tends to result in a short click-to-install time. Click spamming, on the other hand, results in an abnormally long click-to-install time, because clicks linger in the attribution system until a device with a matching ID organically installs the app. Time-to-install (TTI) analysis is one of the leading mechanisms to fight attribution manipulation and fraud in general.
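As an illustration of the click-to-install time check described above, the following added example (not code from the original article) profiles each traffic source by how many of its attributed installs fall into the short or long tail. The thresholds, source names and sample records are assumptions constructed for this sketch.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Assumed thresholds, not from the article; tune against your own organic baseline.
SHORT_S = 10          # click seconds before first open: click injection pattern
LONG_S = 24 * 3600    # click lingered over a day before a match: click spamming pattern
FLAG_SHARE = 0.5      # share of a source's installs that triggers a flag
MIN_INSTALLS = 3      # do not judge a source on fewer installs than this

# Constructed sample records: (source, click time, first-open time).
SAMPLE = [
    ("net_a", "2024-03-01T10:00:00", "2024-03-01T10:01:30"),
    ("net_a", "2024-03-01T12:00:00", "2024-03-01T12:45:00"),
    ("net_a", "2024-03-01T13:00:00", "2024-03-01T15:00:00"),
    ("net_b", "2024-03-01T10:00:00", "2024-03-01T10:00:03"),
    ("net_b", "2024-03-01T11:00:00", "2024-03-01T11:00:02"),
    ("net_b", "2024-03-01T12:00:00", "2024-03-01T12:02:00"),
    ("net_c", "2024-03-01T10:00:00", "2024-03-04T10:00:00"),
    ("net_c", "2024-03-01T10:00:00", "2024-03-02T16:00:00"),
    ("net_c", "2024-03-01T10:00:00", "2024-03-01T10:10:00"),
    ("net_d", "2024-03-01T10:00:00", "2024-03-01T10:20:00"),
]

def classify_sources(records):
    """Return {source: verdict} from each source's click-to-install times."""
    buckets = defaultdict(Counter)
    for source, click, first_open in records:
        click_t, open_t = map(datetime.fromisoformat, (click, first_open))
        delta = (open_t - click_t).total_seconds()
        if delta < 0:
            continue  # a click after first open is not a valid attribution
        if delta < SHORT_S:
            kind = "short"
        elif delta > LONG_S:
            kind = "long"
        else:
            kind = "normal"
        buckets[source][kind] += 1
    verdicts = {}
    for source, c in buckets.items():
        total = sum(c.values())
        if total < MIN_INSTALLS:
            verdicts[source] = "insufficient data"
        elif c["short"] / total >= FLAG_SHARE:
            verdicts[source] = "suspected click injection"
        elif c["long"] / total >= FLAG_SHARE:
            verdicts[source] = "suspected click spamming"
        else:
            verdicts[source] = "ok"
    return verdicts
```

Judging the distribution per source rather than single installs keeps one unusually fast or slow user from flagging an otherwise clean channel.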
Other forms of Attribution Manipulation also exist, including:
Network Click Fraud
Networks that report a click when only an impression occurred.
A technique that targets organic users, in which fraudsters send clicks with no advertising IDs, causing attribution systems to fall back on fingerprinting (which relies on identifiers like IP address, device model, and OS version) to perform attribution. If an organic user on the same network installs the app, and the other identifiers match up, the fraudulent source steals credit for the install from the organic source.
Want to get the full scoop on mobile ad fraud prevention, including a list of the most secure ad networks for app marketers, and the most effective fraud prevention methods?
Check out the Singular Fraud Index, the first of its kind to utilize mobile fraud data collected from multiple attribution providers and fraud prevention tools.