Mobile ad fraud is a multifaceted issue: it’s difficult to identify, and once victimized, advertisers have an even harder time proving that the fraud occurred in the first place. 

Three key patterns signify fraudulent behavior affecting marketers today. Each form varies in its complexity and methods for targeting user acquisition campaigns, but have the same results: marketers pay for fraudulent activity.

Preventing frauds from happening rather than detecting them after the fact works best to discourage fraudulent activity in general. By wholly eliminating untrusted and tampered traffic, the industry can significantly reduce and eliminate several forms of mobile ad fraud. 

Take the following recommended actions against these three identified patterns to start mitigating fraud in your business:

1. Automating User Activity: Fakes Installs on Simulated Devices

The problem: Ad networks run schemes out of data centers where falsified clicks, installs, sessions and even in-app user behavior are triggered endlessly by server-side software on a big scale. Since payouts are subsequently on-the-line, this form of fraud depends on geo-spoofing to decrease chances of discovery, which is often difficult to mitigate after the fraud occurs.

The solution: Set up an IP blacklist to block and prevent the IPs associated with the simulated device traffic from data centers. Any activity registered from ad networks associated with data centers simulating this traffic would be easy to identify in advance. This method is so simple, in fact, that it should be an industry standard.

2. Poaching Installs: Charges Advertisers for Their Own Organic Clicks

The problem: Fraudsters steal a piece of an app’s organic user base and claim it as their own.

As users run an app or browse a mobile site, numerous — often times hundreds — of ads are being served in the background and executing clicks, entirely out of sight. This is referred to as “pre-loading” or “click spamming” — when a click devoid of human interaction executes an invisible redirect. 

This enables fraudsters to send a myriad of background clicks for endless offers from as many devices on the market as possible. Under this model, a percentage of the users who organically installed will have unknowingly had an ad served. In the end, advertisers pay a CPI to a performance channel for organically acquired users who never saw or clicked on a visible advertisement.

The solution: Create an attribution model based on click-to-install data, and leverage it with your ad partners to verify their data.

Start by identifying irregular click-to-install time distributions. Irregular click-to-install time distributions look like flat and even distributions of installs over time, and typically indicate background clicks. 

In contrast, campaigns receiving traffic from genuine advertising activities have an inversely exponential click-to-install time distribution. The vast majority of real users install an app almost immediately after clicking on an ad and visiting the app store.

Secondly, prevent organic installs from being poached through a rigorous fingerprinting scheme. Match a variety of characteristics between click and install. You can match a specific click to a specific install as long as it occurs within a specified attribution window, for instance. The stricter the fingerprinting scheme, the harder it is for fraudsters to tie faked clicks to organic installs.

3. Fraudulent HTTP Calls: Fakes SDK-Triggered Installs

The problem: While HTTP is what makes the internet great ­— in fact, it’s what makes using the internet possible ­— it isn’t encrypted, so fraudsters can intercept the data passed back and forth between parties if your partners aren’t using an encrypted HTTPS connection.

As such, a fraudster can falsify HTTP requests to spoof SDK-transmitted install data. Thus, advertisers are charged for installs due to unsecured service providers.

The solution: Block opportunities for fraudulent HTTP calls by securely transmitting data. 

First, ensure your SDK transmits all data with SSL (Secure Sockets Layer) encryption for all traffic. Second, introduce a shared secret for traffic verification, such as a token or an ID that is only known to the app and to the server. 

Bundle IDs or other app store identifiers are fundamentally flawed here in that they are public — available to anyone. A real shared secret authenticates transmissions between communicating parties, such as an SDK and a server. This means that without the secret, spoofing traffic is impossible. This, along with SSL encryption, virtually eliminates the threat of false HTTP calls.

A Call for Industry Responsibility

Industry players can employ a variety of strategies to dramatically reduce and even eliminate user acquisition fraud.

Third party attribution solutions stand in a particularly unbiased vantage between the advertiser and ad network or publisher, giving a unique opportunity to act as a regulator and create tools and features capable of mitigating the effects of fraud.

At the same time, one player alone cannot be as effective in the mobile ad ecosystem. To stop fraud from being profitable, the industry itself needs to move towards responsible traffic filtering as a whole — which is why I encourage all industry players to work together to develop the tools necessary for a healthy mobile ad economy.

It’s arguable that as long as there is money to be made there will always be fraud. 

Call it realism, call it a symptom of the market, call it whatever seems right — all that matters is that we, as an industry, finally take responsibility.

Title image "" (CC BY-SA 2.0) by  SpeNoot