Ad fraud prevention and mobile marketing: How to beat the fraudsters

Sometimes it seems like ad fraud prevention is impossible in mobile advertising campaigns. There’s so much mobile ad fraud that some marketers throw up their hands and give up, just accepting that fraud detection is too hard and that fraudulent clicks and fraudulent app installs are inevitable.

In some ways, that’s not surprising.

At Singular, we see some mobile ad networks with 80% fraud. Some even have higher.

And there’s plenty of bot traffic and fake clicks in ad campaigns … including fraud that third-party solutions and dedicated fraud detection companies simply cannot detect. With programmatic ad campaigns, real-time bidding, and high-speed modern digital marketing, it can certainly be challenging.

But it would be a huge mistake for app publishers to see the sometimes huge level of ad fraud in the marketplace and hold up a white flag, surrendering their budgets to fraudsters and allowing it to skew their reporting. There are anti-fraud solutions, click fraud detection methods, and strong fraud protection solutions. In short, there are multiple ways to add fraud detection tools and reduce your “fraud tax” massively.

And yes, Singular can help media buyers with that.

Important note:
We’ve also recently added incredible deterministic fraud prevention techniques for Android plus new capabilities to address the inevitable fraud that will hit iOS 14 and SKAdNetwork attributions.

And one other thing:
With Singular, fraud prevention is part of the package. You never have to pay more for fraud prevention.

At Singular, we focus largely on mobile app fraud. That doesn’t mean we ignore fraudulent clicks or fake clicks or faked ad impressions. On the contrary, we do significant detection and prevention. But app install fraud is a core focus. That’s because our business as a mobile measurement partner for Facebook, Google, Apple, Snap, Pinterest, and hundreds of other ad networks allows us to zoom in on this particular area.

(Of course, our marketing analytics product works for all marketing: mobile, web, even offline.)

Mobile app fraud is a lucrative space for fraudsters, which makes ad fraud prevention challenging, to say the least. As we mentioned in our recent fraud report, estimates of the costs of digital ad fraud range from a “low” of $19 billion annually to a high of $42 billion. With app developers now spending more than $40 billion annually to drive mobile app installs, a big chunk of your brand dollars is going to smart but ethically challenged hackers. And, their false positives are ruining your ROI measurement analytics.

So it’s very much worth our time focusing on ad fraud prevention. It’s how we found the industry-first way to do deterministic Android Install Validation. And, it goes without speaking, it’s worth your time finding the best fraud protection in the advertising ecosystem to keep your ad spend focused on legitimate activity.

So malicious ad fraud sucks billions out of the ecosystem. But how does it work? And how do shady characters convert honest advertising budgets into dishonest gains?

Fraudsters get started on the lucrative career path of fake clicks, fraudulent traffic, bots, and faked views of video ads by getting set up with an ad exchange as a publisher. In the web space, that might be as a long-tail website. In the mobile app space, it’s probably some anonymous copycat app, or a utility app like a flashlight.

(It’s not just tiny apps, though. There have been some very big app publishers with more than 100 million downloads who have been kicked out of the Google Play Store due to mobile app install fraud. Often, fraudsters will buy existing apps that publishers have given up on and use them to fraudulently display and engage with ads.)

Once the fraudsters have a place to display the ads, they need to invent seemingly “human” viewing, interest, and engagement with them.

That’s after all, what mobile marketers are paying for. Because at the same time as the fraudsters are setting up fake or low-quality apps, mobile advertisers are signing contracts with ad exchanges and ad networks to deliver ads. Many of these pay out only when an ad “works” … resulting in an app install.

Then the two worlds meet.

Even though the fake or low-quality apps don’t have many real users or much engagement, the fraudsters fake good metrics. Without that, they don’t generate app installs, and app installs generate cash.

Low-tech fraudsters might set up “device farms,” where one person operates dozens or hundreds of cheap low-end phones … endlessly tapping around, installing apps, resetting phones to get a new advertising ID (IDFA on iOS, GAID or AAID on Android).

(This of course won’t work well on iOS in 2021, when Apple fully implements its privacy changes in iOS14 and the IDFA becomes opt-in and very scarce.)

High-tech fraudsters are more likely to emulate mobile devices in cloud-based servers. This is much more lucrative, because now you can spin up hundreds, thousands, or hundreds of thousands of “devices” with the click of a mouse … and you can automate the repetitive tasks of faking engagement, watching advertising videos, clicking on ads, and “installing” apps. The web equivalent is buying traffic from bots that look human, but aren’t. And this is easy with multiple botnets active on the dark web, ready to be rented.

Another very popular method right now is SDK spoofing to create a flood of new “organic” users along with users from paid marketing campaigns. Unfortunately, the users from the paid marketing campaigns are just as fake as the new organic users. And since fraudsters know to change their publisher IDs regularly, it’s hard to find these bad actors with statistical methods.

Now the fraudsters are making (stealing) money.

The most sophisticated ones might even start their own ad networks, or hook into a programmatic exchange. Now they’ve got vertical integration: they can source marketing demand … and they can provide ad supply. It may even look like they’re providing complete transparency. But there’s no brand safety, there’s no actual transparency about what’s happening, and most of all, there are no real people on real devices really encountering ads in an organic way.

And some super-sophisticated fraudsters have implemented listening mechanisms in their SDKs —- which might be in various mediation platforms — so they can hijack clicks after seeing them in real-time.

You’ve probably seen a few different forms of mobile ad fraud. Not surprisingly, each requires unique methods of ad fraud prevention.

One is what we just discussed: fake install fraud. The device might be real — in the case of physical device farms — but the user certainly isn’t, and the install is certainly not genuine.

Another is attribution fraud.

Here the device is real. The user is real. And the install is real. The evil genius behind this form of mobile advertising fraud is that while all those are real, the bad guys are sniping someone else’s win. Like the bully who steals a school kid’s lunch money, these fraudsters swoop in after a legitimate ad network has done all the hard work of targeting a user, placing an ad, and driving an app install.

Instead of getting credit for all their hard work, however, these ad networks get played. And cheated.

Fraudsters who understand how mobile app attribution works send fabricated clicks (click injection) to measurement partners after an app install begins but before someone opens the app. In a predominantly last-click attribution model world, they hope to get credit for that install … and claim a sneaky financial bounty.

Others are continually sending clicks — click spamming — for similar reasons. And yet others do SDK spoofing, or click fraud, or ad stacking, mobile click fraud, or any of a number of different ways of separating advertisers from their hard-earned marketing dollars.

That’s why Singular offers many different forms of ad fraud prevention. Our methods include but are not limited to:

1. iOS Install Validation
2. Android Install Validation
3. Hyper Engagement
4. Geo Bleed
5. Time to Install Outliers
6. Outdated SDK Version
7. Outdated App Version
8. Non-Play Store Installs
9. Click/Install Origin Country
10. Blacklisted Publishers
11. Blacklisted IP Addresses
12. Click hijacking
13. SDK spoofing
14. SKAdNetwork post-install events and postback replay

One thing, however, is super-important. Ad fraud prevention needs to operate in, basically, real time … what we at Singular call proactive prevention. Proactive fraud prevention solutions block ad fraud before an attribution decision is made.

There are several important reasons why this is critical.

One is financial.

If you’re making decisions about fraud detection a week or a month after an app install happened … advertisers may already have paid for that fraud. Fraudsters, in turn, are much more likely to have gotten away with it, made their money, maybe even turned those bots or that traffic off, and maybe even disappeared with their ill-gotten proceeds already.

So proactively fighting fraud and making an early decision eliminates the need for marketers to deal with reconciling invoices with ad networks.

That’s critical for Singular customers: they don’t waste their time. But the second reason why proactive ad fraud prevention solutions are so critical is strategic.

For mobile marketers, the past is prologue. You analyze past ad allocation decisions in light of the attributed results. Did we achieve good click-through rates? Did we see high conversions? Did we get app installs from those campaigns? And … did the users we acquired engage in our app and stay: do we have good user retention?

The problem is that if you have a lot of hidden and unknown ad fraud in your campaigns, you’re making future decisions based on bad data. You are optimizing on erroneous results, and that’s extremely dangerous. For example, you think you have good click-through rates … but you actually don’t. One bad decision can easily become two, and so on and on until you’re rewarding bad networks that look good and punishing good networks that look bad.

This is a recipe for mobile marketing disaster.

A proactive ad fraud platform means you’re making the right decisions quickly … and then optimizing your user acquisition supply chain based on clean data. You’re making informed decisions about the future that are MUCH more likely to be right, and you’re getting the right audience into your app.

Preventing these problems is simple. You don’t have to take our word for it: our customers speak for themselves.

Korea’s Com2uS — makers of Summoners War — is saving millions annually:

“Singular’s updated Fraud Prevention suite is the most powerful mobile app install fraud prevention I’ve seen. This will save us literally hundreds of thousands of dollars every month, and lead us to make more effective marketing decisions.”

Channy Lim, Head of BI Department
Com2uS

Glu Mobile — think Kim Kardashian Hollywood, Deer Hunter, or Diner Dash — is getting much higher return on ad spend:

“Singular’s new fraud-fighting technology helps our User Acquisition team focus on legitimate campaigns and significantly boost return on ad spend.”

John Parides, Senior Director of User Acquisition
Glu

And India’s Cleartrip, the leading travel booking site in emerging economies, says Singular’s Fraud Prevention solution sees more than the competition:

“Singular’s new progressive anti-fraud solution detected more ad fraud than competing solutions. This is a game-changer and will play a key role in making growth decisions.”

Ronak Jain, Mobile Marketing Manager
Cleartrip

Singular Fraud Prevention is comprehensive, covering every significant kind of fraud. It’s transparent, so you’ll always know what we’re calling fraud. It’s customizable, so you can adjust how it works for you, ensuring that only the settings you care about are enabled. And it’s adaptive: we’re constantly updating it for new attacks.

We’ll help you understand just how much you’re losing, where it’s going, and how to re-allocate spend to truly performant ad networks.

Here’s how:

Get a demo