The growth of mobile ad fraud is a testimony of the importance of mobile devices in our lives. Almost three quarters of online sales are done on mobile. That’s a huge opportunity for advertisers, ecommerce store owners and brands to utilize the most personal and most used device in people’s lives.
No one from the online world can afford to ignore the shift to mobile devices. Unfortunately, this also includes mobile ad fraudsters.
Mobile ad fraud is similar in some aspects to the online ad fraud that we have covered extensively in our previous articles. It also involves various human and automated activities that range from one-man operations to large-scale click farms.
But the mobile world has put additional and unique hurdles to fraudsters that they had to overcome. This article will go over the most popular tactics that skew advertising efforts.
How Mobile Ad Fraud Works
Ad fraud is any activity aimed at marketing campaigns that are designed to mess with the natural flow of traffic. Fraudsters may go after different goals, work for various parties and use different techniques but the overall outcome is that the campaign funnel designed by the marketer doesn’t function in the way it’s supposed to.
Mobile ad fraud works to bring profits to whatever party it is running it – and these profits are taken from your share.
Traditional online ad fraud is usually divided into
- simple fraud
- sophisticated fraud
The first one is relatively easy to avoid and includes simple clicking bots that many ad tracking platforms, including Voluum, can detect and sift out.
Sophisticated fraud is much harder to detect, as it mimics natural human behaviour more accurately but its influence on campaign budgets is even bigger. Sophisticated fraud is detectable only through in-depth statistical analysis. This is not easy nor cheap. Luckily, the same can be said about running this type of fraud.
How Is Mobile Fraud Different From General Ad Fraud?
In many ways, it’s not. People use mobile web browsers that are susceptible to the same type of fraud as on desktop browsers.
The difference comes into play with mobile apps and in-app advertising.
They display ads and generate conversions in an ecosystem that is in large part separate from web browsers. There is a whole distinct category of tools designed to track various in-app user activities, called mobile attribution tools.
The most popular one, AppsFlyer, is integrated with Voluum, which allows all marketing activities to be performed in one place. More about the benefits of integrating those two platforms later.
To imitate real-user behaviour on mobile devices, fraudsters have to emulate the mobile environment itself or hijack the communication between a mobile device and a mobile attribution tool. These techniques, that I will list shortly, make mobile ad fraud unique.
How Mobile Ad Fraud Affects Advertisers
Fraudsters usually have two goals on their agenda:
- To artificially inflate an asset’s visit or click numbers to make them look more attractive in the eyes of an advertiser.
- To gain false credits for mobile conversions, such as app installs
This may not sound like much, but these manipulations have two direct results for marketers.
- First and the most obvious is depleting marketing budgets by falsely rewarding non-genuine conversions. The numbers differ vastly but it’s safe to assume that a significant portion of budgets are wasted and go directly to fraudsters.
- The second result is skewing the statistics. The data you have serves as the basis of making important decisions, such as allocating a budget to a seemingly profitable placement, site or publisher and cutting down placements with real but less impressive traffic statistics in favor of those polluted by bots.
Corrupted data is inefficient data. You know and accept that part of your traffic may not be of human origin, but you don’t know which part and how big it is.
What Does a Simple Mobile Click Attribution Scenario Look Like?
To understand mobile ad fraud better, we have to understand how mobile conversion tracking works in the first place. Let’s look into this example scenario, where an app is advertised on a publisher’s site with a simple banner, and the conversion event is an app install.
- The visitor sees and clicks an ad that appears on a publisher’s site.
- This click is registered by an affiliate ad tracker such as Voluum.
- The visitor is directed towards the app store. They download and install the app.
- Once the install is complete, the app uses the software solution delivered by a mobile attribution tool (SDK) to detect a conversion event and sends information to this tool.
- The mobile attribution tool sends conversion information to Voluum using a postback URL.
This, and other, more complex scenarios can be manipulated by using the techniques listed below.
Types of Ad Fraud specific for Mobile Devices
Click farming is the large-scale operation that adopts the brute force approach. Instead of using sophisticated bots or malicious apps, click farms use hundreds of active devices that are run by human or bot operators. The task of these device farms is to simply generate in-app engagement: click ads or generate other in-app activity.
Click farms are carefully-calculated fraud enterprises whose earnings from falsely claiming parts of online advertising budgets must be higher than the costs of their human participants and devices. Because of this, they use popular apps, such as freemium mobile games that can bring more stable profit.
Click injections, interceptions or flooding are aimed to claim credit for the click (or app install, or other events) that originates from the same device. A malicious but seemingly simple app, such as a flashlight or calculator app may run in the background, detect an app install and inject its click right before the correct click is generated. If done well, the malicious app owner will be credited for this event instead of an advertiser.
Bundle ID spoofing
A similar type of fraud takes place when another malicious app runs ads from a legit app. An advertiser thinks that their mobile ads are run in the legitimate app while they are actually run in this malicious app.
A reverse situation occurs when a legitimate app has a malicious code sewn into it. This code generates activity for a different app while this app runs as normal and creates its own events. The code mimics (spoofs) the SDK of the mobile attribution tool.
Other Types Of Online Ad Fraud
Ad stacking refers to a situation where several ads are displayed on top of each other. The visitor sees only the top one, while all ads in the stack get credit for being viewed.
Ad bundling is a similar fraud where several networks are put under one site ID, which allows these networks to get credit when the site is loaded.
This is a general term that describes various server or device run bots or traffic coming from data centers that simply artificially click desired links to make them look more popular.
Such bots usually are not very sophisticated and can be detected by applying typical bot filtering technologies, such as fast or frequent clickers. This doesn’t mean that they are still not effective or popular. By applying a more advanced tech, such as botnets, they can quickly and cheaply increase their reach and generate mountains of fake clicks and fake websites pretending to be legitimate publishers.
How to Protect Your Campaigns From Mobile Ad Fraud?
Fraud prevention and detection is a task for both ad tech providers and law enforcement agencies. The former provide technological solutions that detect and filter out at least parts of fraudulent traffic, while the latter’s efforts aim at organized operations such as click farms.
Both of those things are happening. To prevent mobile ad fraud, mobile attribution tools implement various techniques developed to either strengthen the security of the tracked visitor journey or to detect fraud itself.
But the thing all of these solutions won’t work without is the user’s self preservation. Many of the above techniques use malicious or infected apps to run their tasks. Being aware of the source of an app, developer’s reputation, app rating and so on renders most of the fraudsters’ efforts useless.
How to spot fraud attempts
The marketer’s checklists should look as follows:
- Invest in anti-fraud solutions or make sure that those are already adopted by the affiliate marketing software you use. For example, Voluum has the Anti-Fraud Kit feature that, combined with AppsFlyer’s Protect360 solution, gives you a fighting chance against fake traffic.
- Be wary of unusual traffic patterns, such as spikes, high CTR with low conversion rates, unreasonably low or high time-to-install (anything below 10 seconds and above 24 hours has high chances of being of bot origin), events generated from a single IP address.
- Analyse your traffic for obvious signs of fraud, like coming in high numbers from countries where you don’t run paid ads or from devices with deprecated OS versions.
- Observe the behavior of your users within app. For example, if the ratio of people that complete your mobile game or achieve a certain milestone changes rapidly, this situation is worth investigating. Users usually “progress”‘ through an app, especially a mobile game. If you see high number of installs but no signs of actual use, this is a huge red flag for fake installs and fake users.
Mobile Ad Fraud Trends
The growing numbers of mobile devices make mobile fraud and increasing risk. With scale comes increased profitability of malicious activity, and in turn – increase in the levels of sophistication. Common fraud tactics will stil be present, as costs of running them decreases overtime.
The biggest trend will most probably the use of AI to, firstly, produce simple bot scripts at scale and by users with low programming skillsm and secondly, to quickly draw massive traffic to a fake website by AI-produced content.
The first trend puts an additional strain on app developers and anti-fraud solutions, while the second one is a challange various ad networks that look for publishers with real users and real traffic.
The light in the tunnels may come from better filtering algorithms of apps stores that will catch malicious apps sooner. Additionally, users from tier 1 and tier 2 countries are less likely to install flashlight apps that weree commonly used to commit install fraud.
The Fight against Bot Traffic Is The Fight For a Better Industry
There’s no sitting this out. No matter if you are an advertiser, app developer or a consumer, each role comes with some responsibilities.
Marketers should include their campaign’s security as early as in the planning phase. Developers should develop and include various anti-cheat solutions within their apps, while consumers should simply protect themselves from all kinds of fraud, even from those that aren’t aimed directly at them.
We at Voluum have a long history of delivering anti-fraud solutions. When you integrate Voluum with a popular mobile attribution platform you can rest assured that you will get the safest combo on the market.