interceptd.com/the-main-types-of-mobile-ad-fraud
Brittney Ihrig
SDK Spoofing
Spoofing is a relatively new, advanced, and sophisticated method of mobile app fraud,
in which fraudsters listen to the vital communication between the MMP (Mobile
Measurement Platform) or attribution tool and ad networks and application stores. These
communication signals are then replicated and edited to simulate any form of
activity desired. This information is then injected into the MMP to fraudulently simulate
genuine clicks, installs, and in-app activity.
Click Spamming
Click spamming is a type of mobile ad fraud that is also considered a
kind of attribution fraud. The intention is to claim credit for an organic install,
that is, an install for which the advertiser should not have paid. How is
this done? A fraudster sends a large volume of genuine-looking clicks to an MMP. If
an organic install coincidentally occurs that matches the same device ID or other
identifiable information, that organic install may be attributed to the fraudster. This
type of mobile ad fraud or attribution fraud is usually most successful in applications that
already receive a lot of downloads, such as Uber or eBay.
Click spamming can generally be identified by an abnormally large CTIT (click-to-install
time), and a sub-publisher can easily be identified as fraudulent if they have an abnormally
long CTIT distribution. Interceptd has a “click spamming” alarm, which blocks at the
click level, and we can also blacklist fraudulent sub-publishers if click spamming is
present.
Click Injection
Click injection is usually only present on Android devices, as it abuses the broadcast
feature of Android OS, which notifies all other apps that an install is taking place. When
this happens, either a trojan app unknowingly installed on a genuine user’s device or
another method sends a fraudulent click for that install. Due to ‘last-click
attribution,’ the fraudulent click will be attributed to that genuine install. This is
another type of mobile ad fraud that is also known as attribution fraud, as it is not a
fake install, event, or click, but rather misattributes a real or genuine install, event, or
click to a fraudster.
How can click injection be detected? Click injection generally has very short CTITs.
As with click spamming, Interceptd has a deterministic click injection alarm that
blocks at the install level. Additionally, if a sub-publisher presents an abnormally low
CTIT distribution, that sub-publisher can be blacklisted due to click injection.
What is a deterministic rule? A deterministic rule is one that blocks clicks and installs
according to a rigid rule set. These are used for easily identifiable types of mobile ad fraud. As there
are many different types of mobile ad fraud, Interceptd uses a combination of
probabilistic and deterministic rules to achieve a balance between protection and
over-blocking.
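The CTIT checks described above for click spamming (abnormally long CTIT) and click injection (very short CTIT) can be written as a deterministic rule per sub-publisher. The following Python is an added example, not Interceptd's code; the thresholds, sub-publisher names and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Assumed thresholds (not from the article); tune against your own organic baseline.
SHORT_CTIT_S = 10        # install this soon after the click: click injection signal
LONG_CTIT_S = 24 * 3600  # install this long after the click: click spamming signal
MAX_SHARE = 0.5          # flag when more than half of a sub-publisher's installs match
MIN_INSTALLS = 4         # do not judge a sub-publisher on too few installs

# Constructed sample data: CTIT in seconds per hypothetical sub-publisher.
T0 = 1_700_000_000
_CTITS = {
    "pub_a": [45, 120, 300, 900, 2000],              # ordinary spread
    "pub_b": [2, 3, 1, 4, 600],                      # clicks land just before install
    "pub_c": [90000, 172800, 250000, 400, 130000],   # installs long after the click
    "pub_d": [30, 60],                               # too few installs to judge
}
# Attribution records as (sub_publisher, click_ts, install_ts), Unix seconds.
SAMPLE = [(pub, T0, T0 + c) for pub, cs in _CTITS.items() for c in cs]


def ctit_report(records):
    """Apply fixed CTIT rules per sub-publisher and return a verdict for each."""
    by_pub = defaultdict(list)
    for pub, click_ts, install_ts in records:
        by_pub[pub].append(install_ts - click_ts)
    report = {}
    for pub, ctits in by_pub.items():
        n = len(ctits)
        # A negative CTIT (install before click) also counts as "short".
        short = sum(c < SHORT_CTIT_S for c in ctits) / n
        long_ = sum(c > LONG_CTIT_S for c in ctits) / n
        if n < MIN_INSTALLS:
            verdict = "insufficient_data"
        elif short > MAX_SHARE:
            verdict = "click_injection"
        elif long_ > MAX_SHARE:
            verdict = "click_spamming"
        else:
            verdict = "ok"
        report[pub] = {"installs": n, "median_ctit_s": median(ctits),
                       "short_share": short, "long_share": long_, "verdict": verdict}
    return report


if __name__ == "__main__":
    for pub, row in sorted(ctit_report(SAMPLE).items()):
        print(pub, row)
```

A rigid rule like this is cheap to evaluate but will over-block if the thresholds ignore an app's normal CTIT spread, which is why the article pairs deterministic rules with probabilistic ones.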
internet at a high frequency much faster than human users. Bots can be automated to
execute any kind of mobile ad fraud as well. Also, they can be used to generate fake traffic
such as clicks, installs, views, and even in-app activity.
Device Farms
Device farms are one of the types of mobile ad fraud that is actually going out of fashion
due to recent raids, media attention, and their relative ease of detection. For example,
according to our most recent report, device farms declined from 38% in Q1 2018 to
21% in Q2 2019. However, although they are decreasing, they still form a large chunk of
the mobile ad fraud landscape, as they are a relatively simple form of mobile ad fraud.
Device farms are merely a large collection of devices (usually outdated and affordable
mobile devices) that are programmed to perform an action, such as an install, and then
repeat this action over and over again.
The technique is quite simple and therefore easy to detect through signals such as a mismatched
OS, or a sub-publisher producing too many installs from an anonymous IP or the
same IP.
If you’d like to have a healthy discussion about how we can help stop fraud at
the click level, to help you achieve your 2020 goals, book a consultation
today.