When implementing campaigns to promote our mobile apps, we need to be aware of the ever-growing scale of this threat. Again, from the data of the Interceptd report “Q2 2019 Mobile Ad Fraud Report” we can learn that for Android 31% of the traffic in the analyzed period was considered fraudulent (increase of 4 percentage points compared to Q1 2019) while for iOS we are talking about a scale of 25% (increase of 3 percentage points). The above numbers reflect the seriousness of the problem facing the entire industry. Fortunately, with knowledge and analysis of relevant data, we can effectively combat this phenomenon.
Types of fraud
Before we move on to detecting them, let’s focus on some of the most common examples:
A type of ad fraud that involves triggering clicks for users who did not actually make them. Mobile version of the website can “fire” clicks in the background, without any visible ads. On the other hand, the application can generate such clicks literally at any time as long as it is constantly running in the background on our phone. As a result, after some time, when the user installs the billed application, the fraudulent click will be attributed to the organic installation. This way the fraudster will be compensated.
This is a special, more advanced form of Click Spamming. It occurs when a user has a fraudulent application installed on his device that runs in the background and has the ability to detect when other billed applications are installed. In a situation where the fraudster has access to the mobile application, using his application running in the background, he is able to trigger a click just before the installation is complete. Thus, we are again dealing with organic traffic stealing.
Device farms are the least technologically advanced way of generating fraudulent mobile traffic. These are simply hundreds or rather thousands of phones operated by few “employees” on which applications that are subject of the fraud are massively installed. Fraudsters in this case very often use VPNs so that their installations are assigned to appropriate geo-location. Due to the limited number of devices, they are regularly reset to change their IDs, allowing the same apps to be reinstalled and further fraudulent earnings.
Methods of detecting and blocking fraudulent traffic
The most important tools in the fight against fraudsters are knowledge of their methodology and in-depth analysis of the data we can collect about our apps. At this point I would like to remind that first of all we need to make sure that our application is properly measured, without this we will be like children lost in a fog. Kacper Procki pointed it out in his article “Everything you need to know if you want to effectively promote your mobile app”. If you are just entering the world of mobile I encourage you to read the above article.
The basic metrics that we should analyze in the context of our applications
Click to install time interval (click to install time CTIT)
This is the period of time that elapsed from clicking on an ad to the moment when the application was installed (in practice, first run). It is, of course, affected primarily by the speed of our Internet connection, but usually, this process takes at least 30 seconds. A significantly lower CTIT value indicates that the installation may have been caused by the Click Injection method. On the other hand, if the time from the click to the installation of the application is far too long (according to Circlewise it is more than 2 hours) we are dealing with the Click Spamming method. In order to protect our customers from the risk of incurring the costs of fraudulent traffic resulting from the above actions, Circlewise has the option to introduce appropriate Click Injection and Click Spamming interval values. All installations that do not meet the set conditions will be counted with zero commission. Additionally, in our panel, on the campaign statistics level, it is possible to check what percentage of a publisher’s traffic is suspected of Click Spamming – thanks to this, if it is too high in a given case, we can decide to reject the given affiliate from the program and, in special cases, reject all installations (or other transactions subject to campaign settlement).
Geo-location of clicks, installations and events within the application
Traffic originating from device farms or bots is very often masked in terms of location by VPNs. It is worth comparing the geo-location of clicks, installations, and events inside the application in order to detect suspicious differences (in extreme cases, a click and an installation may be registered in country X, while a single user activity inside the application will be assigned to country Y). In our system, after setting the target geo-location for a given campaign, all installations and other transactions (e.g. registrations, sales) will be counted without the commission assigned to them. Additionally, our panel makes it very easy to analyze the traffic of a given publisher with respect to the country they come from. Single cases shouldn’t worry us, but if the percentage is too high we should definitely take a closer look at the quality of a publisher’s traffic.
Conversion from installations to in-app events / retention rate
Especially in the case of traffic generated by device farms we will have to deal with extremely non-quality installations. Most likely the app will be removed from the device in a very short period of time. It is also worth looking at the retention rate, which tells us how many users are still using the application. In case of installations coming from farms we should not expect too high values.
Conversion from clicks to installation
In the end, I left the most obvious and basic indicator. A too high conversion rate may suggest that we are dealing with motivated traffic – the user installs our application in order to receive some benefit (e.g. in a mobile game application in the form of virtual currency). On the other hand, a too-low conversion rate may suggest that we are dealing with the simplest Click Spamming. Before launching the campaign, it is worth establishing the so-called Hard KPI concerning, among other things, the range of acceptable conversion – if it is not met, the publisher will not receive any remuneration.
Knowledge and data analysis is the key to success
I really hope that the content of this article will not discourage anyone from running mobile app campaigns. Yes, the risk of fraud is very high and unfortunately, it is still growing, but we have all the tools and knowledge to deal with this challenge together. This text is just the beginning of our crusade against fraud, stay tuned for more in the future!
 Interceptd, Q2 2019 Mobile Ad Fraud Report, https://interceptd.com/wp-content/uploads/2019/12/interceptd-q2-2019-mobile-ad-fraud-report.pdf