20% of ad clicks on average are frauds

Don't pay for clicks generated by bots, competitors
or uninterested clickers

Mobile Ad Frauds

TrafficWatchdog team

08.02.2021 r.

mobile, ad frauds, Internet, fake, bot

Mobile Ad Frauds

source: own elaboration

With the advent of the Mobile channel, many advertising solutions were copied from the Desktop and then adapted to its needs. At the same time, new types of marketing activities were emerging, created for this rapidly developing direction. The same applies to advertising scams - partly the same that advertisers faced in traditional campaigns, and partly completely new threats, dedicated to this new marketing communication channel. So, what are Mobile Ad Fruads and what types of them can we distinguish?

Mobile Ad Fraud is nothing more than an attempt to deceive an advertiser, honest publisher or partner by using mobile advertising technology (i.e. prepared for devices such as mobile phones, smartphones, tablets, palmtops, etc.). In recent years, this type of fraud has been gaining popularity very quickly due to the constantly growing number of Mobile channel users and, at the same time, the low detection of frauds related to it. Mobile ad scams can take many forms, but can be broken down into 4 main groups depending on where the fraud occurs:

  • user, device, and even conversion (download, install, click, etc.) are real;
  • user and device are real, but the conversion is false;
  • device is real, but user and conversion are fake;
  • user, device and conversion are fake.

When the user, device and conversion are real

In this case, we are dealing with theft of the correct conversion from the advertiser or the honest publisher, who generated it. When it comes to mobile apps, the most common settlement is for the last click on the attribution path, and the fraudsters are well aware of this and use several types of frauds, which allows them to attribute conversions to themselves:

  • Click Spamming, or Click Flooding, occurs when scammers send a large number of genuine-looking clicks with hope that the organic installation will match the same device ID or other personal information. Although this largely counts on a coincidence, contrary to appearances, as a result of such actions, fraudsters are often attributed to real conversions. This type of attribution scam is usually most effective for popular apps as the chances of downloading them are much higher.
  • Click Injection, which is a slightly more sophisticated form of click spam, is particularly widespread in last-click campaigns. In this case, the scammer uses his own application installed on the user’s device to monitor its future installations. If this program detects that a new application is being downloaded, it will generate a click in it and thus leave a fraudster trace in the conversion history, even though the scammer had nothing to do with it.

When the user and device are real but the conversion is false

Fraudsters take advantage of real users and their devices, but fabricate the desired actions. An example of such Ad Fraud is the deliberate Device ID reset - a scam consisting in periodic downloading, uninstalling and reinstalling the application, with each subsequent installation counting as new, although it concerns the same device and user. This is because the scammer resets the device ID. According to AppsFlyer, this type of fraud accounted for 26% of all frauds related to mobile installations in 2018, generating losses of up to USD 1 billion.

Another form of cheating that can be included in this category is Ad Stacking, i.e. „overlapping” multiple ads so that the user sees only the message at the top of the stack. While only one ad is actually visible, the rest of the creative appears below it at the same time, creating the impression that they are shown to the audience. In this case, fraudsters receive remuneration from advertisers for ads that they didn’t actually display.

While the device is real, but both the user and the conversion are fake

In the past, this type of Ad Fraud was associated mainly with Device farms, i.e. having many mobile devices by the fraudster, programmed to perform certain actions automatically. Of course, it also happened that the Farms employed very low-paid workers, performing tasks manually, but the development of technology quickly showed that similar solutions are ineffective.

To a large extent, they have been replaced by BOTs, robots and other solutions providing incorrect, and therefore not coming from real users, traffic - IVT (Invallid Traffic). So, this category includes any scams that mimic human behavior on real devices.

Another example of Ad Fraud in this category is Spoofing SDK (Software Development Kit, a set of tools for programmers necessary in creating applications using a given library, for a given system, hardware, etc.), i.e., creating false installations using data from real devices. Spoofing SDK is based on a malicious application that is connected to a legitimate application generating clicks and other actions in it, without the need to install it first. This method is considered to be one of the most difficult to detect type of Mobile Ad Fraud.

Nothing is real and yet the advertiser still pays...

This is the most sophisticated type of Ad Fraud in the Mobile channel, as it doesn’t require the user or the device to be real. These types of scams are done entirely by using intelligent BOTs and Emulators that manipulate communication along the attribution path (history of a given conversion). BOTs are programs that can perform any action in an automated manner, much faster than a human. Properly written and configured, they can make Ad Frauds very difficult to detect.

On the other hand, an emulator is software that allows you to operate one device with another. In this way, the emulators can look like smartphones and perform fake app installs without using real devices and users.

Another example of similar marketing scams may be Bundle ID Spoofing. This method was first discovered in June 2018 and consists in fraudsters deceiving advertisers that their ads are displayed in one application when in fact they are displayed elsewhere. This is possible thanks to the change of parameters and giving the fake application identifiers of the right one.

Mobile Ad Frauds are becoming more and more popular. The scale of their operation is enormous - for example, Trend Micro MARS reported 1,088 applications that contained SDK designed for fraudulent purposes - before they were removed from Google Play, they were installed 120,293,130 times. Advertising scams in the Mobile channel are also, above all, gigantic financial losses - it is estimated that fraudsters earn from tens of billions to even several trillion dollars a year on Ad Frauds in mobile devices. But the monetary losses is only one consequence of such practices for entrepreneurs. The data collected from advertisements is used by marketing departments and managing bodies to make strategic decisions, and through this type of activities the information obtained from them will be significantly different from the real ones. In addition, any advertising fraud always affects the brand, threatening its reputation, and losses in this area can’t be estimated.

Recommended articles

Contact us

in order to present me a product offer and for marketing purposes. Spark DigitUP Sp. z o.o. as the Administrator, observing the provisions on the protection of personal data, has informed me of my right to access, delete, forget and transfer information, as well as rectify, supplement and limit the processing of my data in the manner arising from [Privacy Policy].

within the meaning of art. 10 paragraph 2 of the Act of July 18, 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204) to the provided e-mail address and telephone number. Spark DigitUP Sp. z o.o. as the Administrator, observing the provisions on the protection of personal data, has informed me of my right to access, delete, forget and transfer informations, as well as rectify, supplement and limit the processing of my data in the manner arising from [Privacy Policy].

in relation to the phone number and email address I have provided for direct marketing purposes by Spark DigitUP Sp. z o.o., owner of the TrafficWatchdog.pl