From Click Spam to Click Injection: How to Detect Different Forms of Mobile Click Fraud
Digital ad fraud has been estimated to cost advertisers up to $19 billion a year, with video and mobile counting as the highest-risk channels. Mobile ad fraud is a widespread threat that affects all verticals, so it’s imperative that you have sufficient fraud prevention tools in place to protect your ad spend and maintain reliable data. In this article, we’ll define the two most common forms of attribution manipulation (click spam and click injection) and detail how they can be detected.
What is click spam?
Mobile attribution manipulation fraud is a term that encompasses click spam and click injection fraud, whereby fraudsters attempt to steal an advertiser’s marketing budget by falsely claiming to have influenced an app install.
Click spam is performed by generating fake clicks on behalf of (but unbeknownst to) real users. Once a user opens an app (or mobile web page) that is being utilized by fraudsters, fake clicks can be generated in the background to appear as if the user has engaged with an advertisement. Fraudsters can perform these clicks anytime the app is active, which is why they are more likely to abuse apps that require constant activity, or constantly running apps (such as memory cleaners). The important takeaway when learning about click spam is that, regardless of method, the user very likely won’t see an ad and never actually engaged with one, so any attributed activity cannot legitimately be attributed to these fake ad engagements.
This is particularly damaging because click spammers are poaching organic users: the most valuable users to your app. The impact is twofold. Firstly, advertisers end up paying for users who were already theirs at no cost. Secondly, click spam compromises an advertiser’s analytics, creating unwarranted expectations for the retention and CPI of paid traffic.
How is click spam detected?
Click spam occurs on a massive scale, so mobile measurement partners do their utmost to protect clients from these attacks. Detection relies on the distribution of the time between click and install, because click spamming sources can’t behave in the same manner as genuine traffic. Your everyday, legitimate distribution will typically show a large quantity of conversions within an hour after the ad engagement (click), followed by a fast reduction. In contrast, click spam sources will show a random distribution of conversion times in your data because they have no control over when the install is finalized by the user, which means that their click-to-install time (CTIT) graph will display as a flat distribution.
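The CTIT comparison described above can be sketched per traffic source as follows. This is an added example, not code from any measurement provider: the source names, the 24-hour window, the thresholds and the sample installs are all constructed assumptions.

```python
import math
from collections import defaultdict

# Assumed values for illustration; tune them against your own traffic.
WINDOW_HOURS = 24            # attribution window, split into hourly bins
MIN_SAMPLES = 50             # ignore sources with too few installs to judge
MIN_FIRST_HOUR_SHARE = 0.30  # genuine traffic converts mostly in hour 0
MAX_FLATNESS = 0.85          # normalized entropy; 1.0 is perfectly flat

def ctit_profile(ctits):
    """Return (first_hour_share, flatness) for one source's CTIT seconds."""
    bins = [0] * WINDOW_HOURS
    for s in ctits:
        if 0 <= s < WINDOW_HOURS * 3600:
            bins[int(s // 3600)] += 1
    total = sum(bins)
    if total == 0:
        return 0.0, 0.0
    entropy = -sum(b / total * math.log(b / total) for b in bins if b)
    return bins[0] / total, entropy / math.log(WINDOW_HOURS)

def flag_click_spam(installs):
    """installs: (source, click_ts, install_ts) tuples in epoch seconds."""
    by_source = defaultdict(list)
    for source, click_ts, install_ts in installs:
        by_source[source].append(install_ts - click_ts)
    flagged = {}
    for source, ctits in by_source.items():
        share, flatness = ctit_profile(ctits)
        if (len(ctits) >= MIN_SAMPLES and share < MIN_FIRST_HOUR_SHARE
                and flatness > MAX_FLATNESS):
            flagged[source] = (round(share, 2), round(flatness, 2))
    return flagged

# Constructed sample data: network_a peaks in the first hour and decays,
# network_b spreads its conversions evenly over the whole window.
T0 = 1_700_000_000
SAMPLE = (
    [("network_a", T0, T0 + i * 40) for i in range(70)]
    + [("network_a", T0, T0 + 3600 + i * 300) for i in range(20)]
    + [("network_a", T0, T0 + (4 + i) * 3600) for i in range(10)]
    + [("network_b", T0, T0 + i * 900) for i in range(96)]
)

if __name__ == "__main__":
    print(flag_click_spam(SAMPLE))
```

Only the source with the flat CTIT histogram is flagged; the source with 70% of its installs in the first hour passes.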
However, while it is useful to detect click spam after the fact, it is less strain on an advertiser’s resources if click spam is detected before attribution. This way, the cashflow to fraudsters will be cut, no makegoods need to be negotiated and budgets stay actionable for legitimate campaigns. Therefore, it’s important to speak with your mobile measurement provider about sufficient click fraud prevention, not just detection.
What is click injection?
Click injection is another term that falls under the umbrella of mobile attribution manipulation fraud. If fraudsters have access to an Android app, they can listen to package_added broadcasts to know when other apps have been downloaded. Android broadcasts exist as a useful messaging system across apps, but they can also be abused by fraudsters. This is because Android apps can subscribe to receive broadcasts for events that may be of interest (you can learn more about broadcasts from the Android system and other Android apps by reading the official overview). Fraudsters can also listen to package_added broadcasts by creating their own app.
Another common click injection method is the Content Provider Exploit. This is when fraudsters claim attribution by injecting a click after a user clicks to install (via Google Play Store) but before the app is downloaded and opened. Both methods allow fraudsters to trigger clicks before the install is complete – ensuring that they receive credit for that install. Just like other forms of click fraud, click injection fraud steals an advertiser’s budget and compromises their data. It is another way in which organic installs are wrongfully paid for by the advertiser.
How is click injection detected?
In order to detect click injection, mobile measurement partners need to track timestamps for when a user started an install (install_begin time) and when an install is finished on the device (install_finish time). With access to this information, they can prove the user’s intent to install came before the fraudulent claim. Those claims can, therefore, be detected before attribution, meaning that your ad spend is safe from click injection fraud.
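The timestamp check described above can be applied before attribution like this. It is an added example rather than any provider's implementation: the `Click` and `Install` types, the reason labels, the last-valid-click rule and the sample data are assumptions; only the `install_begin` and `install_finish` field names come from the text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Click:
    source: str
    ts: int              # click time, epoch seconds

@dataclass(frozen=True)
class Install:
    install_begin: int   # user started the install
    install_finish: int  # install finished on the device

def attribute(install, clicks):
    """Return (winning_source, {rejected_source: reason})."""
    if install.install_finish < install.install_begin:
        raise ValueError("install_finish precedes install_begin")
    valid, rejected = [], {}
    for c in clicks:
        if c.ts < install.install_begin:
            valid.append(c)            # engagement came before the intent
        elif c.ts <= install.install_finish:
            rejected[c.source] = "click_injection"
        else:
            rejected[c.source] = "click_after_install"
    # Assumption: the last valid click wins; no valid click means organic.
    winner = max(valid, key=lambda c: c.ts).source if valid else "organic"
    return winner, rejected

# Constructed sample: network_c claims a click 12 s after the install began.
T = 1_700_000_000
INSTALL = Install(install_begin=T, install_finish=T + 45)
CLICKS = [Click("network_a", T - 600), Click("network_c", T + 12)]

if __name__ == "__main__":
    print(attribute(INSTALL, CLICKS))
```

A naive last-click rule would credit `network_c` here; with the check in place the install goes to `network_a`, or to organic when the injected click is the only claim.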
Fraudsters are always looking for more sophisticated means of stealing an advertiser’s budget, so it’s important to choose a mobile measurement partner you trust to actively combat these attacks. When choosing your partner, make sure you are protected from each type of mobile fraud, and that they can explain how their prevention systems sufficiently stop fraudsters from stealing your ad spend. You should also consider the dangers of SDK spoofing, and how your MMP plans to protect you from this increasingly prevalent threat.