It was once famously said that “Robots don’t buy KitKats” – however, now they do. The statement, made by Gawain Owen, Nestle’s digital lead in the United Kingdom, was made in 2015, in the climate where mobile ad fraud awareness was almost unheard of, and some of the upper echelons of marketing and advertising were attempting to deal with it. There was once a time where click spamming and bot farms were the epitome of the mobile ad fraud world. Since then, more attractive methods such as SDK spoofing, which is much less detectable and more scalable, and in-app event fraud, which yields a potentially more lucrative profit, have increased in popularity. So, if you’ve ever considered, or currently use CPA campaigns, then this article is for you! In this article/
In-app event fraud, as the name suggests, is the incorrect attribution of paid in-app events to fraudulent sources, on paid CPA (cost-per-acquisition) campaigns. Thus, we can also consider this CPA campaign fraud. This is one of the most lucrative and newest forms of mobile ad fraud. Since mobile ad fraud has plagued the industry, marketers, and advertisers have turned to less efficient methods of combating this fraudulent activity, such as in-house data auditing, asking for refunds from ad networks, and even building their own white and blacklists. Another trend that has been observed is the transition to CPA campaigns, which in theory, should eliminate mobile ad fraud as ‘robots cannot buy KitKats’. Whilst it might be a while until we see a robot in the checkout line at Tescos or Trader Joes, they can, however, make in-app purchases of KitKats. At least, they can be programmed to do so, or code can be written to simulate such an action. So, what was once a measure to gain qualified, highly engaged users, is now the new target for fraudsters, rearing to steal credit for your $25-40 CPA.
However, not all impacts are negative. CPA ad fraud is helping to develop the CPA analytics sector based on the increase in the demand for in-app events analytics or CPA analytics.
Negative Implications of In-App Event Fraud Extend Beyond Events
Stolen CPA budgets: there is an obvious connection between spoofed or simulated in-app events that directly siphons marketing budget.
Increased campaign costs: whilst in-app event fraud directly hijacks CPA campaigns, it can also have flow-on effects to other campaign types, leading to increased campaign costs. For example, due to a sub-publisher spoofing events, targeted towards CPA campaigns, this can increase other campaign costs on that sub-publisher, due to their perceived ‘high conversion rate’. This can affect not only your campaigns but other advertiser’s campaigns as well.
Corrupt analytics. Which users are converting is some of the most valuable insights a marketer can have access to. You need to know what type of user is going to be your core spenders and users. Additionally to this, you need to know which channels converted this user. All of this information will be skewed by fake, spoofed and simulated events if ad fraud protection is not undertaken to prevent these spoofed events from taking place.
How Interceptd Tracks and Prevents In-App Event Fraud
There are three ways in which CPA fraud is committed: SDK spoofing, SDK spoofing, and SDK spoofing. Okay, so there is only one current way. How do we detect this? Well, we essentially threw the kitchen sink at this one. In order to catch ‘spoofing’ which is essentially a form of written code that mimics real human behavior, we have to use all of our collective alarms, machine learning and algorithmic power to detect any anomaly indicative of potential spoofing activity. This is like trying to catch a high-profile criminal on an FBI watch list.
There is no specific ‘rule’ or ‘guide’ to catching such a sophisticated individual; rather, you need the best resources and minds available to catch the individual. Whilst it would be lovely to say that there is one variable, in particular, that is indicative of spoofing, such as VPN use, this simply is not true. The very nature of spoofing is that any code can be written to mimic anything, including code to cover their tracks and evade detection. This is in contrast to other types of mobile ad fraud, such as click injection or click spamming that can be identified by looking at the CTIT times, or the CTIT distribution pattern. In addition to this, by eliminating fake or simulated in-app events, you gain access to genuine CPA analytics and data. This CPA analytics will be data that truly reflects your core audience.
Why is In-App Event Fraud so Lucrative?
This applies for a combination of reasons. Firstly, many marketers might assume that fraudsters cannot fake in-app events; therefore, fraudsters can operate under a cloak of darkness right in front of in-house makeshift anti-fraud mechanisms. Secondly, as they adopt a more sophisticated form of mobile ad fraud that often relies upon SDK spoofing, fraudsters are aware that this form of mobile ad fraud is hard to detect. Lastly, an obvious reason for in-app event fraud being a target is the financially lucrative incentive. The stolen attribution pays approximately $25-40 depending upon the campaign costs. Additionally, CPA campaigns are increasing in frequency as user acquisition managers are increasing CPA spend in attempts to acquire ‘real’ engaged users and also to ‘avoid’ mobile ad fraud. Considering spoofers were already using the same technique to spoof installs, and other such fraudulent activity, it is quite easy to simply spoof events instead. It simply requires different code to be written.
When considering which MMP or third party mobile ad fraud protection is best to protect your CPA campaigns. There is no hard and fast rule for detection and prevention. There are players in the industry that have frequently been spoofed and others that have not. There are also players in the mobile ad fraud protection market that do not have a robust set of tools, thus their spoofing detection abilities are quite limited. Again, keep in mind that your ability to catch SDK spoofing is akin to the sum total of your mobile ad fraud protection capabilities. If this sum-total is made up of only rigid, deterministic rules, or only comprised of flimsy, non-updated flexible rules, then again, the ability to catch SDK spoofing will be limited.
CPA campaigns can be one of the most effective if executed correctly and if your in-app event analytics are measured correctly. It allows you to set the parameters of what kind of user you want. This, in turn, can have numerous flow-on effects, such as community building, an organic uplift, and even word-of-mouth marketing. As CPA campaigns are such an effective tool in any mobile or app marketer’s arsenal, it makes sense to want to protect the outcomes of those campaigns, especially to gain genuine CPA analytics and data. Whether it is financial, or simply making sure that you are connecting to genuine users to further fuel the growth of your app, it makes sense to invest in fraud protection that prevents and detects in-app event fraud. If you’d like to get a gauge on how well protected your in-app events and in-app event analytics could be, then get started with a free trial here.
