In The News

It’s 2018 and Fraud is Still a Thing

Stopping mobile ad fraud


Yes, I know the topic of mobile advertising fraud has been beaten to death in the past 18 months, but it’s still very much a concern for advertisers because fraud is ubiquitous. According to eMarketer, fraud will only continue to grow, costing advertisers $44B worldwide by 2022.

To understand the full effect of fraud on your advertising budget and bottom line you need to grasp how the different methods are executed in order to help identify the risks you are being exposed to. Our diagram below shows two main categories in which fraud falls into: technical and compliance fraud, the more popular being technical fraud. It is important to understand both since they can overlap, but compliance fraud is a little more self-explanatory.  


  • Technical fraud: To create fake traffic (non-human traffic) with technology
  • Compliance fraud: Misjudge existing traffic (human traffic) in order to make it more profitable  



Let’s focus on technical fraud, which includes the popular click injection and click-spamming methods. These two types of fraudulent activities are tricky to detect because the publishers hijack organic installs. In other words, they get credit and paid for a user that was installing the app without the influence of an ad from the publisher. Organic users are typically the most loyal and the highest spending users for mobile businesses, so hijacked installs will reflect a great LTV, thus proliferating continued spending by the advertiser with that fraudulent source.


Stealing organic users with click injection only happens on Android because apps can “listen” for other apps installing on the same device. This “listening” capability is the key to how click injection can happen. Malware existing on the phone as an app, like a flashlight or utility app, can send information back to the fraudster publisher about the device. Once the fraudulent publisher receives the device information, they fire off the click with the device’s data right before the download finishes. As soon as the app opens, the install is registered by the measurement provider then last click attribution process begins, rewarding the most recent click who is the fraudster. Luckily, attribution providers like TUNE are working with Google to eliminate click injection fraud by leveraging the download timestamp instead of the install (first open) time stamp.  At YouAppi, we have our own continuous 6 Step Fraud Protection Process that includes a click validity and click-to-install time analysis to eliminate any click injection risks for our clients.  


The other popular method for mobile ad fraud is click-spamming, which can include ad stacking, cookie stuffing, and other various mechanisms. The ultimate purpose behind these methods is to generate a large number of clicks/impressions in order to maximize the chances of receiving credit for organic installs already happening. Either the clicks or impressions are happening in the background without users knowing, or clicks can be simulated to look like real humans from real areas. The data captured on a click used for attribution, like IP address, device brand, device model, and user agent string can be manipulated to reflect areas of high traffic along with common device information. If the click is a match with an organic install in these high traffic areas then the click spammer will get credit and paid. Our friends over at Adjust laid out the different types of click spamming in case you wanted to dig in.  


In addition to click fraud, another method for defrauding mobile advertisers is faking installs. This method was very popular a few years ago when the KPIs for campaigns were based on install numbers and not LTV. Much like HBO’s ‘Silicon Valley,’ season three, episode ten: And Then There’s Fraud, faking installs were executed with bot farms. Install fraud used to be detectable by LTV and in-app events analysis when the fake users would not produce any action after the install and delete the app right after;  now fraudsters can fake in-app events to look like human behavior. According to Forbes, “Bots are also growing in number because they are humanlike in that they can successfully stay under the radar. They fake movements within a game (e.g., opening an app, clicking and moving around a card in Solitaire) to meet a specific KPI that results in charges to an advertiser.” This is why it is important to implement measures like purchase verification with iTunes and Google so that there’s a valid receipt for any in-app purchase received.


Our helpful wiki page lays out all the different types of fraud under each category here. If you have any questions or want to know how we fight against fraud for our advertisers with the YouAppi 6 step continuous fraud protection process, please request a contact here.  


Sandor Jones | Product Marketing

Leave a Reply

Your email address will not be published. Required fields are marked *