Mobile Ad Fraud: how to detect and protect your ad against it.

Mobile Ad Fraud: types, key benchmarks and anti-fraud systems

The mobile marketing industry is facing the issue of rising fraud across various categories: from gaming to e-commerce. Research from Fraud Broker showed that ad spending associated with fraud amounted to $84 billion in 2023 and could reach $170 billion by 2028. Fraud in the financial sector has increased by 50%. These alarming statistics and the ingenuity of fraudsters pose a crucial question for advertising specialists — how can they protect themselves from fraudulent activity and safeguard their budgets?

What is Mobile Ad Fraud and What Are the Consequences?

Fraud is the intentional manipulation of information related to ad impressions and interactions. Mobile ad fraud affects two channels: the mobile web browser and in-app environments. To recognize fraud, it’s important to understand who’s behind it. Often, fraudsters are dishonest publishers or fake advertising platforms.

Marketing partners drive traffic to mobile apps by placing ads across different platforms. However, fraudsters can manipulate data about user conversions to secure payment. The tools used to achieve this include:

  • Ad stacking happens when a user clicks on a visible banner and that same click is also registered for a hidden ad underneath.
  • Bots create the illusion of genuine clicks and app installs (accounting for 70+ per cent of fraud globally).
  • Click spamming happens when fraudsters claim credit for organic traffic by generating fake clicks.

Fraud affects current and future marketing campaigns, leading to negative outcomes.

What Are the Consequences of Mobile Ad Fraud?

  1. Distortion of target audience insights. Advertisers end up with inflated numbers of users who do not interact with the app.
  2. Loss of budget. Fraudulent traffic results in significant losses, with advertisers overpaying for installs or clicks. According to Statista, between 2023 and 2028, spending lost to fraud is expected to reach $172 billion in digital advertising.

The growing cost of ad sources and stricter privacy regulations from app stores have led to a rise in invalid traffic. Advertisers have turned to dubious in-app sources, which are rife with fraud, leading to even greater budget losses.

Mobile Ad Fraud Benchmarks: What Percentage is Acceptable?

Common fraud schemes have become easier to recognize, which has led to the development of more complex fraudulent traffic algorithms. So, how can you detect fraud in your campaigns? When analyzing statistics, it’s important to pay attention to the following benchmarks:

  1. CTIT (Click-to-Install-Time). This metric evaluates the time elapsed from the click to the installation of the mobile app. On average, it takes between 10 and 60 seconds to install an app. If the CTIT is less than 10 seconds, this indicates click injection. If the CTIT exceeds 24 hours, this points to click flooding.
  2. CTI (Click-to-Interest). This ratio reflects the proportion of engaged users relative to the total number of clicks. The standard range is 0.1-0.3%. Any deviation from this range may indicate fraud.
  3. NDR (New Device Ratio). This shows the percentage of new devices that have installed the advertised app. While users do change devices, it’s important to monitor the allowable range of NDR: manipulation through device ID resets may suggest device farm activity.
  4. Retention Rate. This metric reflects the number of users who return to the app. The norm is that the deviation from organic traffic should not exceed 25%.
  5. View-Through Attribution (VTA). This metric accounts for cases where a user didn't click on the ad to visit the app store, but installed the app shortly after viewing the ad. VTA should comprise no more than 60% of the overall traffic.
  6. SDK Fraud Markers. These tools analyze incoming traffic in detail and can detect anomalies, such as misspelt carrier names or user-agent information. Pay attention not only to incorrect operator names but also to their geographic location. For example, if an ad is targeted at the U.S., but the operator is from China, this could signal fraud.
  7. IP Duplicates. Monitoring multiple installs from the same IP can help avoid artificial metrics. IP duplicates should not exceed 10%.

Metric         | Acceptable Value
CTIT           | 10 to 60 seconds
CTI            | 0.1-0.3%
Retention Rate | No more than 25% deviation
VTA            | No more than 60%
IP Duplicates  | No more than 10%

Tracking these metrics will help you identify anomalies at early stages and take the necessary action.
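
The benchmark thresholds above, applied to a batch of install records, as an added example that is not part of the original article. The record fields, the sample batch and the definition of an IP duplicate (an install whose IP already appeared in the batch) are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Thresholds from the benchmark list above.
CTIT_MIN, CTIT_MAX = timedelta(seconds=10), timedelta(hours=24)
MAX_VTA_SHARE, MAX_IP_DUP_SHARE = 0.60, 0.10

def classify_ctit(ctit):
    """Map one click-to-install time to the fraud pattern it suggests."""
    if ctit < timedelta(0):
        return "install_before_click"   # malformed or forged record
    if ctit < CTIT_MIN:
        return "click_injection"
    if ctit > CTIT_MAX:
        return "click_flooding"
    return "ok"                         # the article flags only <10 s and >24 h

def audit_source(installs):
    """installs: dicts with touch ('click' or 'view'), touch_ts, install_ts, ip."""
    if not installs:
        return {"ctit": Counter(), "vta_share": 0.0, "ip_dup_share": 0.0, "alerts": []}
    # CTIT only applies to click-attributed installs; view-through has no click.
    clicks = [i for i in installs if i["touch"] == "click"]
    ctit = Counter(classify_ctit(i["install_ts"] - i["touch_ts"]) for i in clicks)
    vta_share = (len(installs) - len(clicks)) / len(installs)
    # Assumption: an install is a duplicate if its IP was already seen in this batch.
    ip_dup_share = 1 - len({i["ip"] for i in installs}) / len(installs)
    alerts = [k for k in ctit if k != "ok"]
    if vta_share > MAX_VTA_SHARE:
        alerts.append("vta_share")
    if ip_dup_share > MAX_IP_DUP_SHARE:
        alerts.append("ip_duplicates")
    return {"ctit": ctit, "vta_share": vta_share,
            "ip_dup_share": ip_dup_share, "alerts": sorted(alerts)}

# Constructed sample batch (documentation IP range, made-up timestamps).
T0 = datetime(2024, 5, 1, 12, 0, 0)
def _row(touch, secs, ip):
    return {"touch": touch, "touch_ts": T0,
            "install_ts": T0 + timedelta(seconds=secs), "ip": ip}

SAMPLE = [
    _row("click", 35, "198.51.100.1"), _row("click", 3, "198.51.100.2"),
    _row("click", 48, "198.51.100.3"), _row("click", 30 * 3600, "198.51.100.4"),
    _row("view", 600, "198.51.100.5"), _row("click", 4, "198.51.100.1"),
    _row("click", 22, "198.51.100.1"), _row("view", 900, "198.51.100.6"),
]

if __name__ == "__main__":
    print(audit_source(SAMPLE))
```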

What Types of Mobile Ad Fraud Exist on the Market

Mobile ad fraud can be divided into five main types. Let’s explore the types marketers and developers should be aware of and how they operate.

Types of Fraud in Mobile Advertising

Click Fraud

This type involves intentional actions to generate fake clicks, which drains the budget in PPC, CPC, or CPI models. Fraudsters increase their revenue using methods such as:

  1. Click Injection. This method simulates clicks before the app is downloaded. Fraudsters sometimes use dormant apps installed on users' devices to generate clicks at specific moments.
  2. Click Hijacking. This method intercepts legitimate clicks. When a real click is detected, malicious software generates a fake click report from a competing network, hijacking the original click and attributing the subsequent app installs to themselves.
  3. Click Redirection. This fraud scheme redirects users to different resources or pages without their consent. For example, when a user clicks on an ad, instead of opening the intended content, a malicious code redirects them to a different page or resource.
  4. Duplicate IP. This scheme creates duplicate IP addresses to simulate an unnatural amount of clicks, giving the illusion that multiple users are interacting with the ad.
  5. Click Flooding. This involves generating a lot of clicks in a short period, often resulting in unusually long CTIT (Click-to-Install-Time) and abnormal conversion rates.

Install Fraud

Install fraud generates false information about app installations on user devices. To deceive advertisers who pay per install, fraudsters often use emulators and device farms to manipulate installation data. Common tactics include:

  1. Device ID Reset Fraud. This approach involves fraudsters resetting or modifying the mobile device’s ID to make it look like app installations are coming from several different devices. By doing so, they can deceive ad networks and attribution platforms, making fraudulent installs appear genuine, which complicates the process of identifying fake activity.
  2. App Spoofing. Fraudsters develop counterfeit apps that users unknowingly download. These apps typically contain malware designed to generate fake clicks and impressions. By inflating metrics like CPM (cost per thousand impressions), fraudsters mislead ad networks and demand sources, manipulating performance data to appear more successful than it truly is.

Attribution Fraud and SDK Tampering

Mobile attribution tracks events reflecting the user journey before and after installing an app. To exploit attribution data, fraudsters may employ SDK Hacking and SDK Spoofing.

SDK Hacking involves tampering with an app’s software to insert illegal ads. Fraudsters exploit the SDK not only to display intrusive ads but also to steal sensitive information, such as device IDs and personal data. To prevent hacking, consider using closed-source code and implementing high-security standards.

SDK Spoofing is a type of fraud that creates seemingly legitimate app installs without any actual downloads. Fraudsters inspect the app’s source code or configuration and then replace the real SDK with a fake one. This results in fabricated events, leading to false attribution and misleading performance metrics.

Display Ad Fraud

Display Ad Fraud involves manipulating ad placement and impressions to generate unauthorized views or clicks. Key methods include:

  1. Ad Stacking. Ads are layered on top of one another, with users only seeing the top ad, but clicks are registered for the ads below. Fraudsters use layering technology (stacking ads with transparent elements) and ad refreshing (ads change rapidly to inflate impression counts).
  2. Ad Injection. Ads are inserted into apps without the publisher's consent, typically overriding paid content. This redirects revenue from the publisher to the fraudster.
  3. Pixel Stuffing. Using iframes, fraudsters overlay a 1x1 pixel block on an ad, which is invisible to the user, but the ad impression is still recorded.

CPI/CPA Fraud

CPI (Cost Per Install) and CPA (Cost Per Action) models have created new opportunities for install fraud. Advertisers were charged based on CPI, but fraudsters began generating fake installs using techniques like Click Flooding, Click Injection and Device Farms. The CPA model was meant to offer more protection since users completing actions after installation are typically real. However, fraudsters found ways to falsify in-app actions, leading to CPA fraud, which is more profitable due to higher payouts for completed actions.

Despite the rise of CPA, CPI campaigns remain popular. Statista reports that install fraud cost the European market around $2.5 billion, while the North American market saw losses of approximately $1.2 billion in 2023.

Fraud Detection and Prevention Methods

A common question marketers and developers ask is, "Can fraud be detected manually?" While possible, it demands considerable time and resources. Key signs of fraud include:

  1. Unexplained spikes in campaign performance, such as abnormal increases in downloads or clicks, without any changes in strategy.
  2. Consistent user activity at the same time each day. Genuine users tend to interact with apps at various times, so a pattern of identical activity times likely indicates bot involvement.
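
Both manual signs above can be checked mechanically. The following added example (not from the original article) flags devices whose activity lands at nearly the same clock time every day and days whose install count spikes above the median; the device IDs, sample data, and the `min_days`, `threshold` and `factor` values are assumptions.

```python
import math
from datetime import datetime, timedelta
from statistics import median

def time_of_day_concentration(timestamps):
    """Mean resultant length on the 24 h clock: near 0 = spread out, 1 = identical times."""
    angles = [2 * math.pi * (t.hour * 3600 + t.minute * 60 + t.second) / 86400
              for t in timestamps]
    x = sum(math.cos(a) for a in angles) / len(angles)
    y = sum(math.sin(a) for a in angles) / len(angles)
    return math.hypot(x, y)

def clockwork_devices(events, min_days=5, threshold=0.98):
    """events: (device_id, datetime) pairs. Flag devices seen on at least min_days
    distinct days whose activity falls at nearly the same time each day."""
    by_device = {}
    for dev, ts in events:
        by_device.setdefault(dev, []).append(ts)
    flagged = []
    for dev, ts_list in by_device.items():
        days = {t.date() for t in ts_list}
        if len(days) >= min_days and time_of_day_concentration(ts_list) >= threshold:
            flagged.append(dev)
    return sorted(flagged)

def spike_days(daily_counts, factor=3.0):
    """daily_counts: {date: installs}. Flag days above factor x the median day."""
    if not daily_counts:
        return []
    base = median(daily_counts.values())
    return sorted(d for d, n in daily_counts.items() if base > 0 and n > factor * base)

# Constructed sample data: one device active at 03:00 every day, one with varied hours.
D0 = datetime(2024, 5, 1)
HUMAN_TIMES = [(8, 15), (13, 40), (21, 5), (23, 30), (7, 50), (18, 20), (12, 10)]
EVENTS = (
    [("bot-01", D0 + timedelta(days=d, hours=3, seconds=d)) for d in range(7)]
    + [("user-01", D0 + timedelta(days=d, hours=h, minutes=m))
       for d, (h, m) in enumerate(HUMAN_TIMES)]
)
DAILY = {D0.date() + timedelta(days=d): n
         for d, n in enumerate([120, 131, 118, 125, 640, 122, 127])}

if __name__ == "__main__":
    print(clockwork_devices(EVENTS), spike_days(DAILY))
```

A flagged spike is only a prompt to check whether anything in the campaign changed that day; the article's sign is a spike without a change in strategy.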

As fraudsters evolve their tactics, the need for anti-fraud systems has become critical. These systems analyze click, behavioural, and device data to identify suspicious activity.

Functions of antifraud systems

Anti-fraud systems can be broadly categorized into two types:

  1. Standalone systems. These operate independently from the apps they protect and are valued for their flexibility, scalability, and independence.
  2. Integrated systems. These are built directly into apps or platforms, offering real-time detection and response. They are praised for their seamless integration, contextual analysis, and ease of use.

Below are some of the widely used anti-fraud systems built into mobile measurement platforms (MMPs).

AppsFlyer

AppsFlyer's Protect360 detects and filters fraudulent clicks, installs, and device emulators by analyzing user behaviour patterns and discrepancies. It utilizes a multi-layered approach to prevent fraud effectively.

Adjust

Adjust’s Fraud Prevention Suite combats fraud at every level. It rejects fake installs in real time, provides callbacks with reasons for blocking, ensures accurate attribution, and conducts reliable analysis.

Singular

Singular’s Fraud Prevention Suite uses machine learning to identify various anomalies in ad campaigns. The service offers extensive capabilities for mobile attribution, analytics, and fraud protection.

Mobile Ad Fraud is Widespread, But It Can Be Fought

Ad fraud is a growing problem, causing losses for all parties in the digital ecosystem. Understanding the types of fraud and the available protection systems will help you identify fraudulent schemes early and protect your ad budget.

At Acquisition.mobi, we work with trusted partners and prioritize protecting our clients' ad campaigns from fraudulent attacks. If you're interested in in-app advertising, contact us at info@acquisition.mobi.