Mobile Ad Fraud Taxonomy

Presenting a Mobile App Install Ad Fraud Taxonomy

In our series on fighting ad fraud, Moloco proposes a taxonomy for the major classes of mobile ad fraud.


While the web advertising industry remains relatively mature, the mobile ad ecosystem is still very much the wild west. We still see a lot of M&A activity, many of the major companies are hiring very fast, and the industry events are lavish by any standard. From outwards appearances, the industry is quite healthy.

Our Taxonomy

We propose this simple taxonomy of mobile ad fraud:

Phantom Install

This category includes fraud where there was an actual install but no download such as existing user, SDK spoofing, attribution bug.

SDK spoofing

This is a form of bot-based fraud. Fraudsters add code to one app that sends simulated ad click, install, and engagement signals to an attribution provider on behalf of another app.

Junk Install

A junk install occurs when there’s no real user behind an install. Examples include install farms, emulator, incentivized, deviceID reset.

Device ID Reset

This is the latest and not so greatest emerging source of mobile fraud. Every mobile device has its own DeviceID, which fraudsters reset between each install, to generate what looks like new clicks and, in turn, unique installs.

Install Farm

Installs farms are physical locations with sometimes even thousands of real mobile devices. Fraudsters click, install, and engage with mobile apps providing lucrative payouts and huge drains for victims.

Poached Organic

This category includes fraud such as click injection, click spamming, fingerprint abuse. Here are some examples:

Click on impression

A rotten network sends out a fake click for every impression it serves (meaning a miraculous 100% click-through rate!) and attempts to poach organic installs.

Click injection

This is a form of attribution stealing where someone else is getting credit for 80% of the installs you drive. This means 80% of your revenue is lost! The practice began at the publisher-level among a small number of apps and spread across apps. A more advanced form of click spam, after identifying a download of an app has begun, fraudsters trigger clicks before the organic install completes effectively receiving the credit.

Real Paid Install

If an install does not fall into these other three categories, we presently assume it is a “real install” and deserves attribution.


Do you agree with our taxonomy? Why or why not? Did we forget any forms of fraud that could exist outside this framework? Please tell us your thoughts. We believe the only way we can combat mobile ad fraud is by working together.

Analysis and insights from the world’s most sophisticated mobile advertising technology provider.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store