The Main Types of Mobile Ad Fraud

interceptd.com/the-main-types-of-mobile-ad-fraud

Brittney Ihrig

Reading Time: 4 minutes

There are many different types of mobile ad fraud, in this ever-changing dystopian
ecosystem. According to our fraud experts, we expect ad fraud in 2020 to become more
“holistic” as fraudsters will pool their learning, resources, and techniques to branch out
into the entire marketing funnel – from programmatic to influencer marketing, to ad
networks and mobile advertisements. Of course, we can expect them to become more
sophisticated. It is just one of the plethora of reasons pointing towards the importance of
understanding the different types of mobile ad fraud. Let’s take a look at some of the most
common forms of mobile ad fraud that will be relevant in 2020.

In this article/

SDK Spoofing
Spoofing is a relatively new, advanced, and sophisticated method of mobile app fraud,
where the fraudsters listen to the vital communication between MMP (Mobile
Measurement Platform) or attribution tool and ad networks and application stores. These
vital communication signals are then replicated and edited to simulate any form of
activity desires. This information is then hacked into the MMP to fraudulently simulate
genuine clicks, installs, and in-app activity.

Click Spamming

1/3
Click spamming is one of the different types of mobile ad fraud that is also considered a
kind of attribution fraud. The intention is to claim credit for an organic install that
occurred. Thus, an organic install for which the advertiser should not have paid. How is
this done? A fraudster will be sent a large volume of genuine-looking clicks to an MMP. If
an organic install coincidentally occurs, that matches the same device ID or other
identifiable information, then that fraudster may be attributed to that organic install. This
type of mobile ad fraud or attribution fraud is usually most successful in applications that
already receive a lot of downloads, such as Uber or eBay.

Click spamming can generally be identified by an abnormally large CTIT time, and a sub-
publisher can easily be identified as a fraudulent sub-publisher if they have an abnormally
long CTIT distribution. Interceptd has a “click spamming” alarm, which blocks at the
click-level, and we also can blacklist fraudulent sub-publishers if click spamming is
present.

Click Injection
Click injection is usually only present on Android devices as it abuses the broadcast
feature of Android OS, which notifies all other apps that an install is taking place. When
this happens, either a trojan app, unknowingly installed on a genuine user’s device or
another type of method will send a fraudulent click imitating that install. Due to ‘lack click
attribution,’ the fraudulent click will be attributed to that genuine install. This is again
another type of mobile ad fraud, which is also known as attribution fraud, as it is not a
fake install, event, or click, but rather, misattributes a real or genuine install, event, or
click to a fraudster.

How can click injection be detected? Click injection generally has very short CTIT times.
Again, like click spamming, Interceptd has a deterministic click injection alarm that
blocks at the install level. Additionally, if a sub-publisher presents an abnormally low
CTIT distribution, that sub-publisher can be blacklisted due to click injection.

What is a deterministic rule? A deterministic rule is one that blocks clicks and installs due
to a rigid rule set. These are used for easily identifiable types of mobile ad fraud. As there
are many different types of mobile ad fraud, Interceptd uses a combination of
probabilistic and deterministic rules to achieve a balance between protection without
over-blocking.

Bots and Emulators

Bots and emulators are tools that can be used to perform any type of mobile ad fraud. An
emulator is an emulation software that can be run on any device to host any other kind of
device and simulate their tasks. Thus, emulators can fake any device to look like a
smartphone and perform fake apps installations without using real devices to fake
attribution and fabricate users to claim advertising credits. A bot is a web robot, a
program which can be used automatically to perform and repeat any task over the

2/3
internet at a high frequency much faster than human users. Bots can be automated to
execute any kind of mobile ad fraud as well. Also, they can be used to generate fake traffic
such as clicks, installs, views, and even in-app activity.

Device Farms
Device farms are one of the types of mobile ad fraud that is actually going out of fashion
due to the recent raids, media attention, and their relative ease of detection. For example,
according to our most recent report, device farms had declined from 38% in Q1 2018 to
21% in Q2 in 2019. However, although they are decreasing, they still form a large chunk of
the mobile ad fraud landscape, as they are a relatively simple form of mobile ad fraud.
Device farms are merely a large collection of devices (usually outdated and affordable
mobile devices) that are programmed to perform an action, such as an install, and then
repeat this action over and over again.

It is quite simple, and therefore, easy to detect through things such as mismatched OS
system, or if a sub-publisher is producing too many installs from an anonymous IP or the
same IP.

Final Thoughts on the Different Types of Mobile Ad Fraud

As mobile ad fraud in 2020 is predicted to become more holistic, it is vital to understand
the different types of mobile ad fraud that may be targeting your marketing funnel.
According to our recent reports, mobile ad fraud’s financial impact should scale to 70
million per day for Android alone in 2022 for mobile ad fraud.

If you’d like to have a healthy discussion about how we can help stop fraud at
the click level, to help you achieve your 2020 goals, book a consultation
today.

3/3