We are hiring! Visit our careers page.Maybe later

How Mobile Advertisers Can Fight Fraud

Fraud Talk GDC-01

More money really does mean more problems. Mobile app and game developers who have just turned the profit needed to start advertising their app can feel hit with a whole raft of challenges: mobile ad fraud, in all its forms.

A whopping 11.5 percent of all mobile advertising is fraudulent, according to a new AppsFlyer report, The State of Mobile App Install Fraud. The report also proves something long suspected: the size of an advertiser has no correlation to fraud levels. Whether you’re a giant with millions of dollars to spend, or a newcomer with a few hundred dollars in the budget, fraud is a risk.

Worse, it sometimes seems that nobody wants to talk about fraud. The truth is, everyone is affected, and all parties need to work together to manage the risk. Here’s our primer for what advertisers can do in 2018.

More than one type of fraud

AppsFlyer’s report helps break down ad fraud into a few digestible categories. This year, bots have grown hugely, to become the largest category:Appsflyer data

Advertisers new to fraud, though, will find it even easier to think of ad fraud as falling within two basic categories: stealing the credit for legitimate conversions, or faking conversion events such as installs and clicks.

To steal credit for events, criminals often plant malware onto phones. They can then detect legitimate clicks, and send false reports to different ad networks. This ruse is difficult to spot because it’s based on real user data.

Faked conversions encompass more fraud techniques, including bots. Click-farms, once the bane of desktop-based advertising, have expanded to mobile–for instance, last year police in Thailand busted a device farm and confiscated some 500 phones and a staggering 350,000 sim cards. Bots use an entirely different technique, although the goal remains faking conversions. The criminals behind the 2016 Methbot campaign, for instance, had 570,000 bots fake over 300 million video views per day–and are still going today.

An array of defenses

The best safeguards change from year to year, both because of new defense techniques and because fraudsters quickly find new ways to circumvent those defenses. Spotting fake traffic is harder today, for instance, because fraudsters continue to produce events even beyond the install to avoid detection. Some 18% of fake installs report activity until 7 days after ‘installing’.

This evolution in fraud techniques means developers shouldn’t try to keep up where they don’t have to–just building a good app is hard enough. Many attribution layers and 3rd party fraud-detection solutions can link with additional layers of defenses like DataVisor, which uses machine learning to detect patterns. Keeping this software up to date is also imperative, just as you would with an antivirus solution on a PC.

Daily or weekly reviews of your ad data are also recommended. Just as with web advertising, it pays to look out for anomalies in your data. An example can be seen in the below table from DataVisor. In this case, the fraudster tried to fake a legitimate install by using a proxy for the first session and sending subsequent post-install events, but revealed their illegitimate nature by logging in from the actual country for those later events.DataVisor data

Each type of fraud may offer identifiable signatures in your data. Click flooding, for instance, can sometimes be found from random time to install, since the clicks aren’t followed by real downloads, and is also much more prevalent on iOS than Android, according to AppsFlyer.

Data reviews are also a good place to set aside some of your budget, for audits. Once you’ve accumulated some ad data, outsource to a fraud specialist (or make friends with with a more experienced advertiser) to find out the true story on your ad performance. An effective audit can tell you whether some of your ad budget is going astray.

Finally, set crystal clear fraud parameters with your media partners. Even the largest ad networks include some fraud–so it’s important that they’re also transparent. The time for working with channels that can’t prove their data, or that push for performance pricing that isn’t based on real actions taken in your app, is long past.

The endemic nature of fraud is unfortunate, but at Chartboost we have zero tolerance and are working hard with our partners (attribution layers, publishers, and advertisers) to improve detection methods and avoid false positives. In the meantime, keep in mind that it remains a small slice of an industry where new fortunes are made every day. A few simple safeguards are just a way to ensure your margins stay high–and that as much of your own fortune as possible stays in your pockets.

If you are interested in the Appsflyer fraud report, you can download a copy here. #foolsnomore