The Main Types of Mobile Ad Fraud
Reading Time: 4 minutes
There are many different types of mobile ad fraud, in this ever-changing dystopian ecosystem. According to our fraud experts, we expect ad fraud in 2020 to become more “holistic” as fraudsters will pool their learning, resources, and techniques to branch out into the entire marketing funnel – from programmatic to influencer marketing, to ad networks and mobile advertisements. Of course, we can expect them to become more sophisticated. It is just one of the plethora of reasons pointing towards the importance of understanding the different types of mobile ad fraud. Let’s take a look at some of the most common forms of mobile ad fraud that will be relevant in 2020.
In this article/
SDK Spoofing
Spoofing is a relatively new, advanced, and sophisticated method of mobile app fraud, where the fraudsters listen to the vital communication between MMP (Mobile Measurement Platform) or attribution tool and ad networks and application stores. These vital communication signals are then replicated and edited to simulate any form of activity desires. This information is then hacked into the MMP to fraudulently simulate genuine clicks, installs, and in-app activity.
Click Spamming
Click spamming is one of the different types of mobile ad fraud that is also considered a kind of attribution fraud. The intention is to claim credit for an organic install that occurred. Thus, an organic install for which the advertiser should not have paid. How is this done? A fraudster will be sent a large volume of genuine-looking clicks to an MMP. If an organic install coincidentally occurs, that matches the same device ID or other identifiable information, then that fraudster may be attributed to that organic install. This type of mobile ad fraud or attribution fraud is usually most successful in applications that already receive a lot of downloads, such as Uber or eBay.
Click spamming can generally be identified by an abnormally large CTIT time, and a sub-publisher can easily be identified as a fraudulent sub-publisher if they have an abnormally long CTIT distribution. Interceptd has a “click spamming” alarm, which blocks at the click-level, and we also can blacklist fraudulent sub-publishers if click spamming is present.
Click Injection
Click injection is usually only present on Android devices as it abuses the broadcast feature of Android OS, which notifies all other apps that an install is taking place. When this happens, either a trojan app, unknowingly installed on a genuine user’s device or another type of method will send a fraudulent click imitating that install. Due to ‘lack click attribution,’ the fraudulent click will be attributed to that genuine install. This is again another type of mobile ad fraud, which is also known as attribution fraud, as it is not a fake install, event, or click, but rather, misattributes a real or genuine install, event, or click to a fraudster.
How can click injection be detected? Click injection generally has very short CTIT times. Again, like click spamming, Interceptd has a deterministic click injection alarm that blocks at the install level. Additionally, if a sub-publisher presents an abnormally low CTIT distribution, that sub-publisher can be blacklisted due to click injection.
What is a deterministic rule? A deterministic rule is one that blocks clicks and installs due to a rigid rule set. These are used for easily identifiable types of mobile ad fraud. As there are many different types of mobile ad fraud, Interceptd uses a combination of probabilistic and deterministic rules to achieve a balance between protection without over-blocking.
Bots and Emulators
Bots and emulators are tools that can be used to perform any type of mobile ad fraud. An emulator is an emulation software that can be run on any device to host any other kind of device and simulate their tasks. Thus, emulators can fake any device to look like a smartphone and perform fake apps installations without using real devices to fake attribution and fabricate users to claim advertising credits. A bot is a web robot, a program which can be used automatically to perform and repeat any task over the internet at a high frequency much faster than human users. Bots can be automated to execute any kind of mobile ad fraud as well. Also, they can be used to generate fake traffic such as clicks, installs, views, and even in-app activity.
Device Farms
Device farms are one of the types of mobile ad fraud that is actually going out of fashion due to the recent raids, media attention, and their relative ease of detection. For example, according to our most recent report, device farms had declined from 38% in Q1 2018 to 21% in Q2 in 2019. However, although they are decreasing, they still form a large chunk of the mobile ad fraud landscape, as they are a relatively simple form of mobile ad fraud. Device farms are merely a large collection of devices (usually outdated and affordable mobile devices) that are programmed to perform an action, such as an install, and then repeat this action over and over again.
It is quite simple, and therefore, easy to detect through things such as mismatched OS system, or if a sub-publisher is producing too many installs from an anonymous IP or the same IP.
Final Thoughts on the Different Types of Mobile Ad Fraud
As mobile ad fraud in 2020 is predicted to become more holistic, it is vital to understand the different types of mobile ad fraud that may be targeting your marketing funnel. According to our recent reports, mobile ad fraud’s financial impact should scale to 70 million per day for Android alone in 2022 for mobile ad fraud.
