The Essentials of Mobile Attribution Fraud

Reading Time: 4 minutes

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” – Sun Tzu

It is an indisputable fact that in today’s world where the mobile app industry grows dramatically, the advertisers and the app developers spend valuable time every day, putting so much effort into finding high qualified traffic. Unfortunately there are unscrupulous people and companies that disregard all these efforts and steal their money. It is not melodramatic to state that we are currently at war with fraudsters. Continuing our daily business in the app economy in blind ignorance of this enemy will only result in damaging campaigns and further money wasted.  

Mobile ad fraud is undoubtedly the biggest threat to the app ecosystem. You must know your enemy and their methods well so that you can win this war against these committed bad actors. There are many different fraud types that continually corrupts and therefore damages marketing data of advertisers. Let’s familiarize ourselves with the most sophisticated ones among them.

Attribution Fraud

Before we talk about the kinds of attribution fraud we frequently encounter lets analyse the methodology applied in attribution. An attribution model is the rule that determines how credit for sales and conversions is assigned to touchpoints in conversion paths. In the app ecosystem the Last Click model applies meaning that Mobile Measurement Platform (MMP) for example AppsFlyer assigns 100% credit to the final touchpoints (i.e., clicks) that immediately precede conversions (installs).

Unfortunately the last click model is easily exploited by fraudsters who are able to manipulate attribution services to make the entire journey look as if they were the provider of that important last click and therefore get paid for driving the install as per the CPC, CPI or CPA programme they are participating in.

So what harm does this cause app marketers? Well for a start it causes CPI costs to increase over time. You can see the chart below which shows how having an install “stolen” from you  can have a detrimental affect on how networks perceive the value of your campaigns and their ability to earn revenue from them.

(1) The clean publisher (X) requests and ad from Ad Network to show its user.

(2) Ad Network priorities campaign in order to maximize its revenue.

(3) Ad Network selects campaign A (with the highest expected revenue), to be served by publisher X

(4) Publisher X shows the ad A, to its user.

(5) User clicks the ad and is redirected to attribution tool

(6) Fraudster publisher Y sends a fraudulent click (attribution fraud)

(7) User is redirected to attribution tool, with the last click from Publisher Y

(8) User is redirected to store and install the app

(9) The app is downloaded & the information is sent to attribution tool

(10) The attribution tool decides to credit publisher with the last (but fraudulent) click

(11) No credit for the clean publisher X

(12) When another ad is requested by a publisher, Ad Network’s motivation to select campaign A will be decreased, since Ad Network could not earn money with it. (When this cycle is repeated many times)


Below are the three main types of attribution fraud that we see on a regular basis. In 2019 we will undoubtedly see variations in these tactics as the fraudsters continue to target the attribution model to make money.

Click Spamming

This is where fraudster apps running in the background on a user’s phone simulate a high number of fake clicks in order to be attributed for what would have been organic installs. Click Spamming is also known as Click Flooding in the market.

Click Injection

Click Injection is only seen on Android devices because the tactic exploits an Android feature known as “install broadcasts” where all apps (including a fraudster’s app) on the user’s phone are notified when a new app is being installed. This enables the notified fraudster app to send a series of fraudulent clicks to the MMPs before the install is complete. It results on the fraudster getting credit for what is most likely an organic install.

Click Hijacking

This is the case of that fraudsters sometimes target the real, qualified publisher by following legitimate clicks passing through them. Since they are able to send their own clicks to the MMPs after legitimate clicks, they can attribute the install themselves, they manipulate the MMPs and make a bad impression on the performance of your ads in a proper publisher.

SDK Spoofing

SDK Spoofing has become the most discussed fraud type recently. Although it’s not classed as a type of attribution fraud it should be mentioned here as it does involve the manipulation of attribution tools. Fraudsters essentially create a bot that hides on an app and generates a series of clicks, installs and engagement signals to the MMP fooling the MMP into thinking the events are real from a genuine source that again is rewarded for generating that action.

Final Words

Attribution fraud is as harmful to app marketers as install fraud from manufactured clicks or installs. It is more insidious as its effects are more gradual causing skewed data and resulting in marketing budget being spent or disproportionately spent on paid channels thinking that most of the high quality installs are being generated from here.

Fraudsters have the capability of targeting MMPs easily. It is almost impossible to analyse each install individually to detect fraudulent traffic so it is necessary to have publisher based analysis done by a specialist fraud prevention platform. We believe platforms such as Interceptd are a necessity to police the market more effectively and provide a much needed audit of the attribution platforms.