Bad Ad Networks Part 1: The “Axis of Evil” in Mobile Ad Fraud

This is the first of a three part series on how ad networks form an “Axis of Evil” in terms of mobile ad fraud. In part 1 we examine the scope of the problem. Part 2 provides some easy checks to identify ad fraud and Part 3 reviews the effect of cutting off fraudulent networks. For more information, please visit

Simple Questions and Answers About Mobile Ad Fraud

If all the hand-wrenching over mobile ad fraud is real, then it naturally follows that many players must be fraudulent. Who are they and how can we as an industry stop these bad actors?

This series is our engineers’ in-depth analysis of these questions. For the first post of our series, we explore three conclusions:

  1. Bad ad networks are real and constitute an axis of evil in mobile ads.

This analysis relies on real campaign data, the sort of data which are readily available to any advertiser who cares about fighting fraud. If you disagree with any of my conclusions please contact me directly — only by creating an open dialogue about ad fraud can we heal our ecosystem and destroy sophisticated fraud schemes..

We are covering this subject in a three part blog series. In our first post here we argue that malicious ad networks are a bigger problem than malicious publishers. In our second post we will describe some simple checks anybody can run to detect malicious ad networks. In our final post we will demonstrate the effect of removing malicious ad networks on organic installs.

Bad Ad Networks are an “Axis of Evil” in the mobile advertising ecosystem.

The mobile ad sector can be broken down into three parties: advertisers, ad networks, and publishers.

  1. The advertiser determines which product to promote (typically app installs through mobile ads) and what key performance metrics to use (typically “cost per install”).

We begin with a quick note about publishers, who draw the most criticism from the industry. Indeed, malicious publishers have many tactics at their disposal:

  • They can charge an advertiser for a fake or unserved impression.

Any publisher using these tactics is obviously bad, and any app caught engaging in this behavior should be immediately blacklisted. However, this subject is well covered and we will instead highlight ad network fraud. We define “ad network” throughout this series to mean any entity with an agglomeration of publishers who interact directly with advertisers as an end client. This definition is expansive enough as to include affiliate networks and DSPs.

We believe fraudulent behavior from ad networks has the potential to be far more malignant for three reasons:

1. The impact of a bad ad network is significantly greater than that of a publisher.

Publisher fraud is limited to users who install a fraudulent app. When an ad network turns fraudulent, all the publishers — whether or not they are innocent — become fraudulent.

For example, one of the most popular types of ad fraud today today is “click on impression” in which a rotten network sends out a fake click for every impression it serves (a miraculous 100% click through rate!) and attempts to poach organic installs. Obviously, the harm from such a bad network is far greater than a handful of publishers.

2. Bad networks are shockingly common.

Bad networks are rampant. Don’t just take our word for it, Tune also published a report on the subject. We’ve confirmed these findings by drilling down into one particular client’s campaign:

Fig 1: Install breakdown by ad network in a real campaign. 68% of ad networks show 50%+ fraud rate.

Figure 1 shows weekly install count by ad network from a real campaign we examined. For each network, we classified installs as either fraudulent (red) or normal (green) based on Tune’s fraud detection result. The campaign utilized 19 ad networks in the campaign, among which 13 (68%) had a majority of installs tagged as fraudulent.

The networks that drove the greatest volume of installs fared the worst. Among these networks, 87% of installs were tagged as fraudulent. When we looked at other advertiser campaigns, we saw the same pattern — the worst offenders were commonly the largest channels.

3. Bad ad networks foster bad publishers.

If you use good networks, you should not worry about publisher level frauds as much. Good networks police bad apps for you and blacklist them for you if needed. Bad networks, however, do exactly the opposite. They not only “leverage” those fraudulent publisher apps to achieve their goals, but also spread the fraud among many other publishers.

Click injection is a good example. This practice began at the publisher-level among a small number of apps. Nowadays though, bad networks have spread this practice across their apps. In the campaign we studied above, one network saw over 30% of their installs coming from click injection. This doesn’t even touch on the impact of SDK spoofing, which is a concern we will address in future posts.

Some might wonder “How could this happen? These are legit companies!” This was also our belief, until we examined the raw data. The incentives are all there. Suppose your business found a shady but easy way to make a lot of money with very little chance of being caught. Would you do it? What do you expect your competitors would do? Does this affect your thinking? Sadly, this is the current state of the mobile industry.

This is the first of a three part series on how ad networks form an “Axis of Evil” in terms of mobile ad fraud. In Part 2 we detail some easy checks you can make to root our bad networks and Part 3 reviews the effect of turning off bad networks. For more information, please visit

Analysis and insights from the world’s most sophisticated mobile advertising technology provider.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store