Mobile Ad Fraud Taxonomy

Presenting a Mobile App Install Ad Fraud Taxonomy

Moloco
Moloco
Jun 12, 2018 · 3 min read

In our series on fighting ad fraud, Moloco proposes a taxonomy for the major classes of mobile ad fraud.

Background

While the web advertising industry remains relatively mature, the mobile ad ecosystem is still very much the wild west. We still see a lot of M&A activity, many of the major companies are hiring very fast, and the industry events are lavish by any standard. From outwards appearances, the industry is quite healthy.

The multi-billion dollar secret, however, is that a lot of fraudulent behavior is the norm within the industry. As traffic passes from publishers to networks to attribution providers to your reporting dashboard, there are many points of failure. In our prior article we argued that networks are the worst actor, but we note that every time traffic gets passed along this chain there is an opportunity for fraudsters to step in. If networks got cleaned up, fraudsters would find a new attack vector.

To further complicate matters, this chain will continue to grow and adapt. This already happened when attribution providers first stepped into the scene. They existed initially to provide a referee to much of the ad fraud in the space. However, if an attribution provider could hypothetically be corrupted by fraudsters, then we may see additional links added to this chain.

Therefore, when considering a taxonomy of mobile ad fraud, we looked for a framework flexible enough to account for all the myriad ways the landscape may evolve. Here is what we propose

Our Taxonomy

We propose this simple taxonomy of mobile ad fraud:

While people may argue of semantics at each stage, it is clear no install could exist outside this basic rubric. In our experience, it turns out to be quite useful, as most installs can be bucketed into these categories. Let us look:

Phantom Install

This category includes fraud where there was an actual install but no download such as existing user, SDK spoofing, attribution bug.

SDK spoofing

This is a form of bot-based fraud. Fraudsters add code to one app that sends simulated ad click, install, and engagement signals to an attribution provider on behalf of another app.

Junk Install

A junk install occurs when there’s no real user behind an install. Examples include install farms, emulator, incentivized, deviceID reset.

Device ID Reset

This is the latest and not so greatest emerging source of mobile fraud. Every mobile device has its own DeviceID, which fraudsters reset between each install, to generate what looks like new clicks and, in turn, unique installs.

Install Farm

Installs farms are physical locations with sometimes even thousands of real mobile devices. Fraudsters click, install, and engage with mobile apps providing lucrative payouts and huge drains for victims.

Poached Organic

This category includes fraud such as click injection, click spamming, fingerprint abuse. Here are some examples:

Click on impression

A rotten network sends out a fake click for every impression it serves (meaning a miraculous 100% click-through rate!) and attempts to poach organic installs.

Click injection

This is a form of attribution stealing where someone else is getting credit for 80% of the installs you drive. This means 80% of your revenue is lost! The practice began at the publisher-level among a small number of apps and spread across apps. A more advanced form of click spam, after identifying a download of an app has begun, fraudsters trigger clicks before the organic install completes effectively receiving the credit.

Real Paid Install

If an install does not fall into these other three categories, we presently assume it is a “real install” and deserves attribution.

Conclusion

Do you agree with our taxonomy? Why or why not? Did we forget any forms of fraud that could exist outside this framework? Please tell us your thoughts. We believe the only way we can combat mobile ad fraud is by working together.

If you are interested in fighting ad fraud, we recommend DoubleCheck, a free anti-fraud suite that syncs with your existing MMP data. Please email us at doublecheck@molocoads.com or visit http://molocoads.com/ for additional information.

Moloco

Written by

Moloco

Analysis and insights from the world’s most sophisticated mobile advertising technology provider.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade