Modern Mobile Ad Fraud and How Developers Can Fight Back
Today, it goes without saying that advertising represents an immense challenge for developers trying to gain visibility for their apps. Beyond the rising costs of acquisition and the difficulty of running ad campaigns across dozens of channels, there is an additional factor adding to the complexity: mobile ad fraud. According to White Ops, ad fraud cost digital advertisers well over $8.6 billion in 2015. However, beyond the money it steals away from app advertisers, fraud also undermines the much-needed trust across all players of the mobile ad ecosystem. This, in turn, generates additional costs and slows down the development of a healthy industry where everyone wins.
One of the first steps that app developers can take in combatting fraud is to understand it in all its modern forms. For this reason, here is a short primer presenting a typology of the most common forms of ad fraud and what can be done to fight them.
Technical vs Compliance Fraud
First of all, most fraud types can be split along the following line: technical fraud and compliance fraud. Technical fraud is committed through the use of a technical trick aimed at gaming the adtech system. In almost all cases, the goal of technical fraud is to fake an advertising event, such as an impression, a click, an install, etc. Compliance fraud, on the other hand, does not require any specific technology but uses deceitful tactics to exploit the platform’s vulnerabilities. Contrary to technical fraud, it does not aim to fake any event, but rather tricks the users into performing a desired action.
Fraud Typology Along the Conversion Funnel
Fraud activity can take place at all levels of conversion funnel, from impression to post-install events. The stage at which fraud is most likely to be perpetrated generally depends on the KPI that the advertiser is either paying for or optimizing towards. For instance, for mobile programmatic/RTB advertising, advertisers pay per impression (CPM), which is why fraudsters are likely to focus on impression fraud. For CPI campaigns, where advertisers pay for each install, fraudsters will try to fake installs, and sometimes even post-install events when the campaign is optimized towards the latter.
Here are examples of fraud techniques used along these two typology lines:
The process by which fraudsters stack several banners on top each other, serving and charging for all of them, while only one of them can effectively be seen.
Placing an ad in a space where it can very seldom be seen.
Generating a fake transaction ID by dropping it onto a user visiting a certain website having no relationship with the advertised app. If the user later downloads the target app, for instance through an app store search, the original publisher is credited for the install.
The use of deceptive creatives in order to trick the user into clicking on the ad. Examples include: displaying a false promise, or advertising for a different app than the one the ad actually leads to.
Install & Post-Install Fraud
Simulating a postback event to fake either an install or a post-install event.
Rebrokering advertising offers from one publisher to the next makes for a very murky advertising ecosystm, as end up without knowing where the install comes from.
Combatting Mobile Ad Fraud
Now, the good news: A lot can be done to combat fraud. The first step is obviously to work with advertising partners that are aware of fraud, understand it, and take effective measures to fight it.
Generally, fraud fighting requires the combination of technology, data, and people, and can take place at three different stages: prevention, detection, and reaction. From this typology we derived the following fraud-fighting matrix:
Let’s take a look at a few of the techniques currently in use:
1. Pattern Recognition and Heuristics
The general idea is to recognize unusual patterns that are likely to be generated by a bot rather than by an actual human user. For instance, an important number of clicks coming from the same IP address, unusually high conversion rates or abnormally high levels of post-install events coming from a single publisher, etc. If increasingly sophisticated machine-learning algorithms help ad technology companies detect fraud more systematically, humans remain essential for interpretation and confirmation.
2. Detecting Patterns Before the Impression Gets Served (RTB)
With programmatic advertising, and real-time bidding (RTB) more specifically, it is possible to carry out media buying at the impression level. The advantage of a RTB-enabled platform is that it can “listen” to programmatic bid requests without necessarily bidding on them, and therefore detect fraudulent patterns before the impression gets served, thereby saving the advertiser time and money.
3. Integrating with Advertisers’ First-Party Data
For advertisers, onboarding first-party data such as post-install behavioral events can help a great deal in detecting fraudulent activity, because it is much harder to fake post-install events than clicks or even installs. For instance, if you are running a CPI campaign but notice that the users coming from a certain source have no post-install in-app activity, fraud can be suspected for that particular source.
4. Database of Blacklisted IPs
Once a publisher or a specific IP has been flagged as fraudulent, it can be added to a blacklist for the future. All IPs belonging to the same hosting provider can possibly also be blocked post-install.
It is idealistic to believe that mobile ad fraud can be eradicated and, as is the case for all types of fraud, it will always remain a game of cat and mouse. However, raising awareness across the industry and making sure that all stakeholders are taking steps against it is a good start to seriously curb the issue.
For a more in-depth study on mobile fraud, check out AppLift’s new report, Fighting Mobile Fraud in the Programmatic Era.