SDK Spoofing: The Future of Mobile Ad Fraud

SDK Spoofing Future of Mobile Ad Fraud
Reading Time: 4 minutes
SDK Spoofing is the future of ad fraud. It is on the rise and accounts for a large portion of ad fraud committed. However, it is detectable. Let’s deep dive into what exactly is SDK Spoofing and how to prevent it.

SDK Spoofing, yet another trending topic in the matrix of scary cyber-crimes and fraud? Yes, but it does not have to be. SDK Spoofing is a type of ad fraud, which is increasing. From q1, to q2 2019 SDK spoofing increased from 17% to 20% of the total share of mobile ad fraud. However, the picture is not all bleak. According to a report by Hewlett Packard Enterprise, Ad fraud is the easiest type of hacking to prevent and has the highest payout potential (see table below). As the wily and up-starter of the ad fraud bunch, SDK Spoofing certainly deserves our attention and effort.  


In this article/


SDK Spoofing: The Future of Mobile Ad Fraud
Source: Hewlett Packard Enterprises, ‘The Business of Hacking’, May 2016


What is SDK Spoofing?

SDK Spoofing is highly sophisticated and relatively new.  Fraudsters first hack MMPs and listen to their “secure communication” which is integral in the advertisement and attribution process. They then replicate it and mimic this information to fool the attribution process. The information sent, simulates real installs, and often in-app events. This information is sent in various ways, including Trojan APK, Trojan SDK, and botnets. 

The first method is through this information being replicated and stored in an SDK which is built into a Trojan APK (masked as perhaps an innocent flashlight, or pedometer app). SDKs are an essential element of all apps. Therefore, when you download what you think might be an innocent alarm-clock or wallpaper app, you might be downloading an app, that is designed for SDK Spoofing ad fraud, by sending signals to an MMP from your phone. 

The second method is a genuine company, accidentally using a Trojan SDK in their app. These Trojan SDKs may seem to serve a real purpose, however, are designed to hack an MMP. Again, once this genuine app is downloaded, signals will be sent from your phone to the MMP. 

The third method is through this information being sent from a botnet (such as zombie devices and computers), directly to the MMP, disguised as a genuine install from a genuine device and user. 

SDK Spoofing: The Future of Mobile Ad Fraud


Why SDK Spoofing is a Problem

SDK Spoofing is a problem for a few reasons: (1) its sophistication (2) its growth (3) its economic impact on individual businesses, industries, and national economies.

SDK Spoofing: Sophisticated and Bespoke

Yes, in the school of fraud, SDK Spoofing was the valedictorians, the principal ballet dancer and winner of this year’s science fair – they are smart, sophisticated and creative.

Why is SDK Spoofing sophisticated? Because it came about in response to other methods of ad fraud being detected and prevented. Additionally, this is one of the few methods of ad fraud, which is technically a form of “hacking”. Also, because the hacking and fraudulent information is often sent from innocent users’ phones, it looks genuine, and thus, is harder to detect. 

Bespoke? SDK Spoofing is essentially fraudulent information – any information can be sent to simulate any situation or event; a perfect gamer – who installs quickly and plays for hours every day, a high-spending e-commerce customer – buying every kimono on-site, or a serious suitor – instantly updating to the premium dating service package. SDK Spoofing can not only fake installs, but can convincingly fake clicks and a range of quality in-app events. Thus, fooling MMPs, ad networks, and most importantly, businesses. 

SDK Spoofing is on the Rise

Once fraudsters learn how to spoof a particular campaign, it is much easier to spoof subsequent campaigns. Ad fraud is big business. Ad fraud detection companies are getting smarter and more traction. As SDK Spoofing is one of the hardest to detect methods of ad fraud, it is on the rise. Simple. 

Ad Fraud is Costly

Deloitte and the WFA claims that ad fraud’s economic impacts supersede the individual businesses affected, seeping out into whole industries and national economies. They argue, that for every dollar spent ineffectively on marketing, the damage to that business is 6 times that amount. Thus, the economic impacts are spreading to industry and national economies and should not be ignored. You cannot get any more macro than that! 


Search and Destroy

Now the good part – it is not all doom and gloom, the solution is accessible. Fortunately, Interceptd has numerous methods of SDK Spoofing prevention and detection. Many companies offer detection solution, however, Interceptd is one of the few mastering detection and prevention. Interceptd works to detect SDK Spoofing, and alerts customers when SDK Spoofing is present. Customers can then decide to block that traffic. Alternatively, customers can decide to customize their settings to automatically block any traffic deemed to be SDK Spoofing before the install –  a.k.a., prevention. 



SDK Spoofing will be the future of fraud – probably. It already accounts for 18% of ad fraud and is on an upward trajectory. Ad fraud solution companies, such as Interceptd, detect and prevent ad fraud. Therefore, fraudsters are forced to generate new, more sophisticated methods. It is a technological game of cat and mouse. If you want to catch the proverbial mouse, you either need to be a cat or elicit the services of one. 


Leave a Reply

Your email address will not be published. Required fields are marked *