To All Mobile App Marketers: How to Prevent Mobile Ad Fraud

To All Mobile App Marketers- How to Prevent Mobile Ad Fraud
Reading Time: 4 minutes

The existence of mobile ad fraud traffic in the app business is undeniable. Therefore, mobile marketers now need to take this into account when activating their user acquisition strategy to avoid a wasted cost. The cost we refer to here is time and money.  

Revenue lost to fraud is painful enough and it affects the bottom line. However, time is also a precious commodity in the app economy. Having marketing managers trawling through reports and data, to separate clean data from data corrupted by fraudulent activity is the time-consuming consequence of campaigns being targeted by fraudsters. 

So, how do you avoid wasted costs when running a mobile app marketing campaign? The quick answer is data analysis. You must pay attention to patterns in your campaign data. You also need to cooperate with your partners such as ad networks and attribution companies and encourage transparency between the relevant parties. More importantly, now is the time to invest in fraud prevention software. Platforms such as Interceptd are capable of analyzing millions of clicks, installs and post-install events to determine what is fraudulent and what is clean data.

Bad actors that commit fraud are getting more sophisticated and are getting better at covering their tracks. For this reason, there is no single, simple, powerful, silver bullet solution to defeat them. However, there are ways and methods of tracing the footprints that are left behind by fraudster activity. Let’s have a look at some of these patterns of behavior that platforms like Interceptd can detect.


CTIT (Click to Install Time) is the time it takes to click through to the download. It could be one of the metrics we can look at it to detect install fraud. For example; if the time between the click and the download is short e.g. less than 5 seconds and there is a high density of resulting downloads it is likely that the fraud called ‘Click Injection’ is taking place.

What is a reasonable CTIT? It is impossible to give a definitive number as to how long the reasonable interval time should be. Why? Many factors affect the time between click and install. The time could be determined by the size of the application or internet speed. The accepted time is usually between 15-20 seconds. However, it is acceptable for the process to take up to 1 minute.  

If you observe that the time between click and install is longer than usual then another fraud type called ‘Click Spamming’ could be taking place.


Click-Install Frequency

While we try to detect fraud by looking at the CTIT metric fraudsters try to keep the CTIT metric at reasonable levels to avoid detection. In that case, another analysis is required to be used in conjunction with CTIT. This analysis is called Click-Install Frequency.

If the intensity of the clicks takes place within a short period, and the downloads of those clicks occur within a short period; after a while then you should question whether the publisher is sending fraudulent traffic.

What’s more, you always need to check the realization times of clicks and installs. If they occur at the same time on different days that should raise a red flag.


Install to Event Time

Imagine that you have a shopping application. You get traffic from 3rd party sources. You hit your Purchase KPIs. The source seems to be providing excellent traffic. Everything is perfect. Then, after taking a deeper dive into the data you observe that most purchases occur in a very short time interval. The user has downloaded your app, chosen a product, entered credit card information and made an order in a matter of seconds. Is this possible? Of course not. We are likely witnessing an SDK spoofing fraud.


Event Flow 

This is another metric that should be observed as part of an overall data analysis.  

You need to create a funnel to better understand the quality of the source you are getting traffic from. That’s why I think it’s helpful to define many events when you publish or update your app. You should query any publisher that provides downloads contrary to the sequence of events. It is not possible to see more than one unique event arriving by install or to see purchase before register. 



Why should you analyze IP addresses? Don’t they simply tell us the location of a user? Yes, they do but we can also use this metric to see if fraud is in play. The assumption is that each different click should come from different IPs. If the intensity of traffic is coming via the same IP something suspicious is happening. Similarly, if the difference between click and install time is very low, the differentiation of IP on click and install should raise alarm bells. 

As you can see there are a variety of analyses you can use to determine if you are receiving high quality or fraudulent traffic. Unfortunately, the percentage of fraudulent traffic is increasing. Conservative estimates from the IAB suggest that one in every three clicks is fraudulent. We believe it is much higher. With there being many fraud types that are getting more sophisticated it is now essential to fortify your defense against ad fraud by licensing a dedicated fraud prevention platform such as Interceptd. Our platform combines machine learning and statistical analysis to look at data patterns and identify anomalies. We then use this learning to create alarms that can be activated via an intuitive dashboard to prevent fraud from damaging your campaign data and paying money to bad actors.



Leave a Reply

Your email address will not be published. Required fields are marked *