A Multi-Step Plan to Combat App Install Fraud
This piece was originally published in MarTech Series.
By Jeff Marshall, CEO, CrossInstall
Every day, marketers’ concerns about the billion dollar mobile ad fraud problem increase. Like a chess game, it is imperative for marketers to stay steps ahead of fraudsters with built-in deterrence. Once fraud occurs, it is usually too late to do much about it, and the best a marketer can do is put a proverbial band-aid on a budget-eating wound.
The only way for marketers to combat fraud is to make a multi-step plan of action to prevent it before it ever happens. Even with built-in fraud prevention mechanisms, advertisers should be proactive and remain aware of how layers works independently and jointly to guard against fraud. These multiple layers of protection encompass relying on exchanges, using DSP bot detection with attention to anomalies, and protecting oneself with interactive ads. If advertisers are missing one of these layers, they should understand the risks they are taking as new types of fraud arise.
Addressing Different Types of App Install Fraud
The latest and not so greatest emerging source of mobile fraud and, specifically, app install fraud is DeviceID reset fraud. Every mobile device has its own DeviceID, which fraudsters reset between each install, generating what looks like new clicks and, in turn, unique installs. Many of these sources of fraud stem from international click farms. Marketers are seeking ways to avoid DeviceID reset fraud, click spam and flooding, and simulated installs, among others. While it is impossible to avoid 100% of fraud, having a plan of action can mitigate the harmful effects. Advertisers should make fraudsters jump through as many hoops as possible so their ad isn’t worth the time. Below are three layers of protection we recommend marketers employ in order to combat the growing threat of app install fraud.
Protection Layer 1: Exchanges
Fortunately, working with exchanges offers a level of fraud protection in itself, as they have their own prevention mechanisms. Exchanges monitor and react to fraud in real-time. They take action through a wide variety of tactics which can include live human reviews, automatic filters, machine learning and more. And some exchanges even credit money to the advertiser when they find something wrong. For instance, MoPub, a leading exchange, outlines in its document, How MoPub is making high quality supply a priority, a three-pronged approach to deter fraud. The company leverages internal processes, product checks, and strong partnerships. This is the first layer fraudsters must pass through to complete their nefarious actions. And it is comforting that the first layer of protection has built-in defense mechanisms that ensure supply quality is up to par.
Protection Layer 2: Bot Detection And DSPs
If marketers are working with an exchange, fraudsters must pass a bot detection layer once they get through the exchange’s initial fraud detection mechanisms. This is where Demand Side Platforms (DSPs) come in by blocking data center IPs and looking for device ID anomalies or an abnormal number of requests. It’s actually difficult for fraudsters to hide in the shadows. DSPs that remain vigilant about spotting anomalies can help advertisers fight the problem head on. Meanwhile, DSPs ensure they don’t bid on IP addresses that could not be mobile devices. For example, Amazon server IP addresses come from data centers so a mobile device couldn’t have one of these same IPs.
Since fraud leads to low quality traffic, a DSP would be compelled to turn off that source of traffic. Plus, suspect anomalies in the data are a cause for further investigation. DeviceID reset marathons, when devices are reset repeatedly at massive scale, can even involve real people but occur in such high concentrations that it is clearly fraud based on IP addresses or VPNs. These provide clues in halting the fraud.
Programmatic is a much cleaner format because it makes fraud more difficult. Programmatic DeviceID reset fraud and other types of app install fraud — such as device IP wiping and VPN geo-spoofing — cause abnormalities that make them easily detected.
Protection Layer 3: Interactive Ads
Interactive ads have built-in fraud counteraction mechanisms not offered by any other format. While many companies have the first two protective layers in place, the third one is missing.
It’s Difficult For Bots To Establish A Pattern For Interactive Ads
Bots work off patterns, so their installs require their algorithms to be programmed for a rinse and repeat scenario. Fortunately, all interactive ads vary. They can use clicks, taps, pinches or other interactive actions to reach the end card, making it more difficult for a fraud robot to replicate. Each has a different script, game flow, and overall uniqueness, making it difficult to simulate fraudulent clicks. With ads varying in format and time length, fraudsters can’t identify patterns and spoof the ads. This fights click farms head-on.
It’s Not Worth The Time For Fraudsters
While most people assume a greater amount of fraud is why more of a marketer’s budget is sunk with the issue, fraudsters are actually just becoming more slick. Like marketers, savvy hackers want to optimize their rate of return, so they are more likely to target ads that are shorter and more pattern-based instead of the variant interactive ads. To get to the true click URL, someone must get to the App Store. This means the user can have up to 25 seconds worth of actions to complete. With interactive ads, advertisers can track to see if actions seem like human or bot engagement. Frankly, there is easier fraud out there.
Fraudsters Don’t Complete The Job
Interactive advertisers who are performance buyers don’t measure success solely based on installs. Even if a fraudster is able to spoof an app and move through an interactive ad, proactive advertisers will ask questions if they are not hitting their KPIs or seeing interactivity. Post-install activity, including retention and in-app purchases, actually means more, which makes it difficult for fraudsters who believe their job is complete after the install.
It is the responsibility of the entire advertising industry to promote tools that work and to hold those tech platforms accountable that don’t sufficiently prevent fraud. Competitors and partners alike, everyone is on the same side in the battle to extinguish the criminal practices that weaken the industry as a whole. During the panel “Ad Quality: Who’s Responsible?”at Programmatic I/O New York, Shaune Kolber, Programmatic Creative and Ad Fraud Manager at Dell, mentioned that everyone, including brands, are responsible for deterring ad fraud and that “It’s about setting standards and following up on that.”
It is to an advertiser’s advantage to proactively understand their multiple layers of fraud protection and know the implications of a missing layer. As in a chess game, advertisers strive to stay several steps ahead of fraudster’s shady practices.