Why Attribution Tools by Themselves are not Enough to Combat Mobile Ad Fraud | Mobile Marketing Association
December 10, 2018
Submitted by App Samurai Inc.

Probably every user acquisition manager’s nightmare is the lack of campaign measurement. A multi channel advertising strategy involving different platforms and ad networks requires a lot of manual work in order to calculate Return on Advertising Spend (ROAS) for those channels you employ. This is essential for determining which traffic provider is supplying the most active/engaging/profitable users. Every source needs to be benchmarked on user behaviour and the calculated lifetime value (LTV). The sources with higher scores obtain higher advertising spend.

Why you need MMPs

To operate a successful mobile app operation an analytics and tracking tool is essential. Mobile Measurement Platforms or MMPs enable app publishers and advertisers to track every impression, click, install and in-app event and attribute each install to a corresponding click. When the source of the click is known and the install attributed ROAS can be calculated. MMPs do tracking and attribution very well as this is their core competency. They are the accountants of the mobile advertising market.

Why you cannot trust MMP’s attribution data alone

You need MMPs to track your campaigns; but trusting their attribution data alone is not a wise move. This is because of mobile ad fraud.

Mobile ad fraud can render attribution data inaccurate or misleading.  Although what MMPs do includes complex data processing, what they are essentially doing is basic: attributing installs with correct ad clicks; if there is none, then the install is deemed to be an organic one. For the cases where users click several different ads over time, MMPs employ a technique called “last click attribution” and the last click before the install occurred wins. The install is attributed to that last click and ad network and publisher that provided that click is subsequently rewarded.

Unfortunately fraudsters are adept at manipulating this process being able to claim that they provided the last click when in fact they played no part in driving that app install. These ‘bad actors’ know how attribution mechanics work and can easily fool attribution platforms into crediting them with the install. The various fraud tactics and techniques deployed by these ‘bad actors’ are too numerous to detail here but basic techniques include:

  • Creating malicious apps or code to monitor app install activity in the background and when a new app install takes place the app/code sends a series of clicks to the MMP before the install is complete to get credit for the install even though it was most likely an organic install (click injection or click hijacking)
  • Sending large numbers of fraudulent click reports in the hope of delivering the last click prior to install (click flooding or click spamming).
  • Using large numbers of devices (Device farms) to click on ads and install apps with no interest in using the apps
  • Emulating devices on servers to send clicks and installs from those virtual devices
  • Spoofing the attribution tool SDKs by creating a bot that hides on an app and generates a number of simulated clicks, installs and post install events that are pinged to the MMPs server (SDK spoofing).

All these techniques are designed to manipulate an MMPs attribution system with the result of many organic installs being wrongly attributed to fraudsters which means the advertiser has to pay the fraudulent source for a user they probably didn’t need to pay for. These false signals cause disruption to marketing strategies as organic installs are under reported and more budget is unnecessarily wasted on paid channels.

For a user acquisition manager not being able to rely on or trust data that is being generated from UA campaign is disheartening. Imagine you acquired 1K users and 500 of them are bots. Their in-app engagement will be half of what it actually should be. For example; if you are expecting 20% Day7 Retention Rate (RR) it will in reality become 10%.

Imagine you have acquired 1K users but 500 of them are organic but falsely attributed. Although organic users often have higher engagement levels you shouldn’t have had to pay for these users.

Imagine you wanted to acquire 1K users and an SDK Spoofer greedily sends you 5K installs. You will see no in-app engagement (even if they spoof the engagement, it will not be real and generate revenue). Even worse; if you stop the campaign when you reach your cap of 1K installs, SDK Spoofer continues to send the installs and now you think you have 4K organic installs with no in-app engagement. If this case is a soft-launch before a real campaign, so that you can monitor Retention Rate (RR) and calculate Lifetime Value (LTV), good luck clearing the data.

This is actually a real case we have faced when we soft-launched an app and ended up seeing 12K fake organic installs  with 0% RR because of SDK Spoofing. It caused us a tremendous work to identify fraudulent installs and clear our data.

MMPs are required to track your campaigns; but as soon as there is fraud in advertising, we cannot trust the sole attribution data we see on their dashboards; because they are the ones who have been duped by the fraudsters.

Who are these fraudsters

The biggest players include app owners whose apps generate millions of downloads and billions of clicks and ad networks that work with legitimate advertisers and publishers. This allows them to understand and manipulate attribution mechanics.

Fraudulent networks have their SDKs in thousands of apps giving access to millions of real devices. They have information on thousands of active ad campaigns. They know about advertisers and they monitor real users. By day they could well be legitimate players driving value for the market. By night they behave like gangsters stealing from bona fide participants in the app economy.

Why you need an anti-fraud solution

For a UA Manager a dedicated anti-fraud solution offers the best defence to mobile ad fraud and keeps marketing data clean and actionable. Fraud prevention platforms look for click and install patterns and anomalies in user behaviour to differentiate real installs from fake ones. Most anti-fraud tools provide post install reports and provide scoring systems. Some allow you to reject installs in near real-time to prevent you from paying for the installs.

With  Interceptd we offer more than this. We aim to help advertisers identify the best channels to spend their money, shield and protect their marketing data and increase the profitability of their app with better ROAS.

Interceptd is not an attribution platform so there is no conflict of interest. We are an independent auditor dedicated to intercepting fraud attempts handling thousands of impressions per second each of which helps the platform learn and become more efficient.

If MMPs are accountants of this market, anti-fraud solutions are the auditors

The biggest challenge anti-fraud tools face is to falsely accuse a real click as fraud (false-positive), or not blocking a fraudulent install (false negative). This is where UA managers have to be careful when selecting which anti-fraud solution they choose to work with. Spoiler alert: it is not MMP’s own anti-fraud solutions.

4 Reasons why you should choose a specialist fraud prevention platform over an MMPs solution

  • MMPs get fooled by fraudsters. If an MMP has an anti-fraud detection system, it should be included in their core attribution service. UA managers trust MMPs to identify the source of each install.

    If attribution tools know that a particular install is not legitimate but attributes it anyway and then requests that the customer pay extra to be told it wasn’t in fact a legitimate install then that doesn’t seem entirely ethical.
  • False-negatives are in favour of an MMP’s business model. MMPs charge their customers based on the number of attributed installs so rejecting fraudulent installs decreases this number. Imagine receiving 100% fraudulent installs on your campaign. Do you think your MMP will be happy to inform you of this and not charge you for that campaign?
  • As mentioned earlier some fraudsters are app publishers that also need attribution services. Surely it is a red flag situation and a potential conflict of interest. It is not in any MMP’s interest to lose their biggest customers even though they are also one of the biggest fraud generators.
  • MMPs rely on ad networks who are also culpable to receive clicks to be attributed later. It is not in the MMP’s interest to call to account the offending ad network who will undoubtedly threaten to limit traffic for future campaigns using that MMP.

All parties in the app ecosystem; Advertisers, publishers and ad networks are all affected by ad fraud. Legitimate ad networks see performance suffer and cannot optimise their sources towards campaign targets. Legitimate publisher apps get clicks stolen from them. Advertisers pay for non-existing users or paying for organic downloads. As a result, everyone’s marketing data is a mess.

You are trusting MMPs to track your data You pay or get paid based on their data. They are the accountants of every player but note that an accountant cannot be its own auditor.



Emre Fadıllıoğlu, CEO, Interceptd.com