Michael Cole
Everflow Blog
Published in
9 min readNov 22, 2019

--

Effective mobile user acquisition has become increasingly challenging due to a complex history of rampant fraud. Marketers are funneling their advertising spend to fewer and safer choices, like Facebook and Google, driving up costs and limiting options for growth.

How bad is mobile user acquisition fraud? During the first half of 2019, 23% of non-organic app installs could be considered fraudulent (MobileMarketer, 2019).

Marketers usually start considering anti-fraud solutions only when they’re worried and want to protect themselves. Anti-fraud is considered a necessary defense and the cost of doing business. However, an effective anti-fraud strategy can leverage that data as the key to unlocking under-utilized and inexpensive traffic sources.

How can you use anti-fraud data to help open up new inventory? On a basic level, this data allows you to feel safer about testing new inventory. Unfortunately, when fraud data is only used reactively, it ends up expending massive amounts of time with scrubbing and optimization each month. You can go from reactive to proactive by pushing this data to your inventory sources, and having them make smarter decisions.

For proactive anti-fraud data use, Adjust’s Fraud Protection Suite shines compared to third party anti-fraud vendors. As the attribution partner, Adjust has direct access to the critical data for immediately analyzing performance and catching fraud sources. They are able to pass this flagged fraud data to your inventory partners, who can make automated decisions on their traffic channels with advanced platforms, like Everflow.

Why does this matter? With Adjust, you’re looking at the big picture, but you’re often not interacting with the individual placements. When fraud occurs, you have no option but to cut off the sources and scrub everything delivered. This often leads to heated conversations with inventory partners, and at some point, it’s not worth your time or mental energy to continue testing them.

Leveraging your anti-fraud data by passing it to partners that use the Everflow management platform offers a better solution. With Everflow, your partners can automatically block both the conversion and the flagged traffic sources, which removes the painful scrubbing process. Since Everflow clients are directly connected with their publishers, they are able to notify them regarding why each placement was blocked, protecting the relationship on all sides.

Bold Screen Media is an example of an Everflow client that effectively leverages Adjust’s data for safer user acquisition. We will cover how they use Adjust’s data to protect their advertisers, furthering the battle against fraud.

First off, we’re going to walk through the types of fraud that Adjust’s Fraud Prevention Suite was built to catch, and how they protect you from it.

Understanding Mobile Fraud

Mobile Fraud can eat up your precious ad spend and, worse, mislead you by insinuating that the fraud source is driving quality conversions.

Here are four prolific types of mobile ad fraud:

Fake installs — These are fake installs and events generated by scripts and emulation to replicate real users. The smarter the fraudster, the more ability they have to both deliver faked installs and to use bots to open the app and emulate normal user activities, such as regularly logging into the app to simulate retention.

Click Injection — A known Android exploit, where an opened app fires off its own click tracker for your app right after a real user has started downloading, but before they have opened the app. This allows the fraudster to take credit for the real user app install (which is attributed on the open), even though they weren’t the source of the user.

Click Spamming — The fraudster has fired off their click tracker on a massive amount of cheaply reached users with the hopes of stealing credit for any organic installs that would have happened. Since the user didn’t choose to reach your app through an ad, but instead actively chose to download your app, they tend to be much higher engagement users. If you were just looking at event engagement you would think the fraudster was a high quality source, but in fact they were just taking credit for the highly engaged users you would have received regardless.

SDK Spoofing — This is, by far, the scariest, as it can completely blindside both you and your UA partners from fraudulent publisher sources. The fraudster uses fake device information to create artificial installs, and then makes these appear deceptively legitimate by using real device data curated from other sources. They send this install and engagement data directly to the app developer, the MMP and marketing partners — basically all of the API endpoints they have available. This skews everyone’s data. Fortunately, Adjust makes this protection available for free to all of their clients, thanks to their SDK signature making sure that all attributions go through the highest standards of security.

How Adjust’s Fraud Prevention Suite Catches these Fraud Types for Marketers

“Making sure attribution to fraudulent players is denied is the most important step in the fight against ad fraud as this neutralizes the fraudsters ability to invest into improving their operation.” — Adjust Team

Adjust knows how critical it is for all marketers to be empowered with a solution that catches fraud before wasting precious user acquisition dollars.

Here is how they address these common fraud tactics:

Stopping Bot Traffic:

Adjust has built multiple layers of defense to stop bot traffic and emulated device activities. The first layer is checking the SDK signature in runtime against SDK Spoofing that is available to every Adjust SDK client. If the device passes the test and the app publisher has activated the Adjust Fraud Prevention Suite, then the data is run through their Anonymous IP Filter. By utilizing Maxmind’s locational data they block installs that have their IP hidden via proxies. These installs are marked as rejected installs, and can be easily viewed and analyzed as ‘Untrusted Devices’ inside the Adjust reporting dashboard.

Stopping Injection:

Adjust combats this Android fraud tactic by utilizing the latest Google GPS Install Referrer API. As the click injection tactic requires firing of a click before the app is opened, Adjust does not attribute any install to engagements that happened after the app started downloading from Google Play.

Stopping Spam:

Click Spamming can be complicated to catch when looking at baseline metrics. The quality appears to be great, as the users were stolen from your organic conversions.

Adjust utilizes two strategies to catch this:

Hyper Engagement Filter — Click spammers love to send waves of clicks to steal credit for installs, but also delivers unnaturally high click-through rates and low conversion rates. Adjust’s filter rejects attributions to engagements where identical engagements are happening several times as users rarely click on the same placements repeatedly.

Distribution Modeling Filter -This method leverages a statistical approach to score attribution and uses this data to reject installs driven by click spam. This adds a layer of probabilistic fraud prevention, on top of the deterministic Hyper Engagement Filter, providing two strong layers of click fraud prevention.

Stopping SDK Spoofing:

As mentioned, SDK Spoofing is achieved by the fraudster circumventing the SDK and sending fake conversion signals directly to the server. Adjust combats this by having a multi-layer encryption setup (think — super advanced banking software) that is required to be passed by the SDK in order to return data to the Adjust servers. As the spoofers don’t have this information, it makes it nearly impossible for them to send fake data.

How Marketers Can Be Set Up to Receive Scale Safely

Adjust’s Fraud Prevention Suite protects marketers from the major fraud sources. You can utilize this data feedback to expand out your placements and partnerships to maximize cost-efficient growth. Bold Screen drives performance for marketers through a curated set of media buyers and direct placements. If marketers receive fraud from one of those media buyers, that doesn’t always mean the media buyer is committing fraud. It just means that one of the placements they’ve bought was delivering fraud.

In the cases of click spamming and SDK spoofing, that media buyer could have received excellent quality feedback from unprotected advertisers and mistakenly evaluated them as a high quality source instead of as fraud. Blindly shutting off an entire partner after receiving some fraud restricts advertisers from valuable quality partnerships. However, receiving significant fraud installs every month is unacceptable.

Fortunately, thanks to their automated SmartSwitch optimization set up through their Everflow tracking platform, Bold Screen delivers a better solution to this problem. Everflow’s SmartSwitch feature allows Bold Screen to automatically deactivate the traffic sources that are associated with Adjust’s Fraud Protection Suite flags. Bold Screen owns their publisher relationships, enabling them to immediately communicate the blocked sources for the publisher to deactivate.

“One of the trickiest issues with fraud is determining what is clearly fraud, and what is a false positive. Traditional anti-fraud vendors rely heavily on probabilistic detection methods that are only as good as their data models,” said Michael Cole, VP of Marketing, Everflow. “With SmartSwitch, we decided to build a deterministic anti-fraud solution that makes automatic decisions based on clearly defined rules. Our strength is blocking traffic on the placement level, which makes Adjust the perfect partner since they directly own the data for determining what is true fraud.”

This setup integrates Adjust’s data with responsive action to protect both marketers and their curated publisher relationships from these fraud sources. Actionable fraud prevention and proactive communication is critical to build lasting relationships for the entire ecosystem.

How Bold Screen goes the extra mile to protect marketers

“When you’re driving User Acquisition for advertisers, you need to be constantly vigilant for catching and deactivating low quality sources,” says Chris Catlow, GM of Mobile Performance, Bold Screen. “A single bad source can permanently damage your reputation. It’s a huge relief having access to tools like Everflow’s SmartSwitch that allow us to proactively block these placements using Adjust’s data, so our team can focus on optimizing up the best placements, instead of the worst.”

Bold Screen uses Everflow to set up additional protections to further complement the existing fraud protection suite with additional defenses. Since Bold Screen owns their relationships and communications, they are able to protect advertisers at the click level and block traffic sources before they cause damage.

Targeting Protections

The first thing Bold Screen does for new advertisers is implement targeting controls. These targeting controls ensure that only users matching the advertisers Device and Geo will be delivered to the app. This user data is detected by Everflow using Digital Element and DeviceAtlas for determining the user’s location and device type, respectively.

Proxy Blocking

In addition to Adjust’s proxy defenses that utilize the Maxmind IP Database, Bold Screen also uses proxy blocking for all of these offers. On Bold Screen’s side, proxies are detected by Everflow’s Digital Element dataset and then automatically blocked whenever they pop up, providing a second line of defense against this common fraud tactic.

Automated SmartSwitch CTIT (Click To Install Time) Detection & Blocking

Bold Screen offers another level of protection against click injection and click spamming by utilizing SmartSwitch automation to block traffic sources if they are delivering suspicious CTIT (Click To Install Time) signatures. Bold Screen matches their internal click timing with Adjust’s conversion timing and uses this to catch fraud:

1) For any CTIT <15 seconds, this is impossibly quick for a normal offer to be fully downloaded and opened, which means it’s almost certainly click injection taking last second credit.

2) For CTIT >24 hours, whenever Bold Screen sees a placement with more than 30% of its conversions taking place after 24 hours, and with very low conversion rate, they know this is almost certainly a click spammer trying to poach your organic users.

In both situations, Bold Screen automatically blocks the placements delivering these suspicious activities and notifies their publishers to stop buying traffic from those sources.

Automated Event Rate Optimizations with SmartSwitch

Advertisers can no longer rely on just looking at their install totals; the metrics that really matter are the post engagements. Fortunately, Bold Screen has a smart way to utilize marketer’s Adjust event data to automate the optimization for all of their publisher’s placements. Bold Screen ensures that all of their placements must deliver a minimum install-to-event rate over a 24 hour time period. Any placement that doesn’t prove itself to be delivering sufficient events will automatically notify both Bold Screen and the publisher, so they can optimize those placements accordingly.

Creating a Better Ecosystem through Deeper Tools

The challenge of effective mobile user acquisition keeps increasing. Rampant fraud has forced advertisers to cut out massive amounts of potential inventory for fear of quality. No one wants to spend all of their time playing whack-a-mole with fraudsters and shady companies, but that is all too often the reality without the right data and tools in place.

Adjust provides marketers with the essential data for understanding the true value of their user acquisition and a Fraud Protection Suite for protecting themselves from faked signals. This safety empowers marketers to scale by working with partners that leverage these data points, like Bold Screen, rather than being restricted to buying expensive users from Facebook and Google.

Bold Screen turns your data into automated action through the Adjust to Everflow platform integration. Using your data to cut out the bad sources, and letting you rest comfortably knowing your acquisition is scaling with the best practices. Every time a source gets blocked, that communication reaches Bold Screen’s partners, helping them permanently deactivate these fraud sources. Taking action leads to a better ecosystem where smarter data-driven tools give fraud no place to fester.

--

--