Article

Categories B2B, Mobile

From Click Spam to Click Injection: How to Detect Different Forms of Mobile Click Fraud

Digital ad fraud has been estimated to cost advertisers up to $19 billion a year, with video and mobile counting as the highest-risk channels. Mobile ad fraud is a widespread threat that affects all verticals, so it’s imperative that you have sufficient fraud prevention tools in place to protect your ad spend and maintain reliable data. In this article, we’ll define the two most common forms of attribution manipulation (click spam and click injection) and detail how they can be detected.

Digital ad fraud has been estimated to cost advertisers up to $19 billion a year, with video and mobile counting as the highest-risk channels. Mobile ad fraud is a widespread threat that affects all verticals, so it’s imperative that you have sufficient fraud prevention tools in place to protect your ad spend and maintain reliable data. In this article, we’ll define the two most common forms of attribution manipulation (click spam and click injection) and detail how they can be detected.

What is click spam?

Mobile attribution manipulation fraud is a term that encompasses click spam and click injection fraud, whereby fraudsters attempt to steal an advertiser’s marketing budget by falsely claiming to have influenced an app install.

Click spam is performed by generating fake clicks on behalf of (but unbeknownst to) real users. Once a user opens an app (or mobile web page) that is being utilized by fraudsters, fake clicks can be generated in the background to appear as if the user has engaged with an advertisement. Fraudsters can perform these clicks anytime the app is active, which is why they are more likely to abuse apps that require constant activity, or constantly running apps (such as memory cleaners). The important takeaway when learning about click spam is that regardless of method, the user very likely won’t see an ad and they never actually engaged with one, so any attributed activity cannot be legitimately be attributed to these fake ad engagements.

This is particularly damaging because click spammers are poaching organic users: the most valuable users to your app. The impact is twofold. Firstly, this results in advertisers paying for what was rightly theirs without payment. Secondly, click spam compromises an advertiser’s analytics. creating unwarranted expectations for the retention and CPI of paid traffic.

How is click spam detected?

Click spam occurs on a massive scale, so mobile measurement partners do their utmost to protect clients from these attacks. This can be done by looking at click distribution because click spamming sources can’t behave in the same manner as genuine traffic. Your everyday, legitimate distribution will typically show a large quantity of conversions within an hour after the ad engagement (click), followed by a fast reduction. In contrast, click spam sources will show a random distribution of conversion times in your data because they have no control over when the install is finalized by the user – meaning that their CTIT graph will display as a flat distribution.

However, while it is useful to detect click spam after the fact, it is less strain on an advertiser’s resources if click spam is detected before attribution. This way, the cashflow to fraudsters will be cut, no makegoods need to be negotiated and budgets stay actionable for legitimate campaigns. Therefore, it’s important to speak with your mobile measurement provider about sufficient click fraud prevention, not just detection.

What is click injection?

Click injection is another term that falls under the umbrella of mobile attribution manipulation fraud. If fraudsters have access to an Android app, they can listen to package_added broadcasts to know when other apps have been downloaded. Android broadcasts exist as a useful messaging system across apps, but they can also be abused by fraudsters. This is because Android apps can subscribe to receive broadcasts for events that may be of interest (you can learn more about broadcasts from the Android system and other Android apps by reading the official overview). Fraudsters can also listen to package_added broadcasts by creating their own app.

Another common click injection method is the Content Provider Exploit. This is when fraudsters claim attribution by injecting a click after a user clicks to install (via Google Play Store) but before the app is downloaded and opened. Both methods allow fraudsters to trigger clicks before the install is complete – ensuring that they receive credit for that install. Just like other forms of click fraud, click injection fraud steals an advertiser’s budget and compromises their data. It is another way in which organic installs are wrongfully paid for by the advertiser.

How is click injection detected?

In order to detect click injection, mobile measurement partners need to track timestamps for when a user started an install (install_begin time) and when an install is finished on the device (install_finish time). With access to this information, they can prove the user’s intent to install came before the fraudulent claim. Those claims can, therefore, be detected before attribution, meaning that your ad spend is safe from click injection fraud.

Fraudsters are always looking for more sophisticated means of stealing an advertiser’s budget, so it’s important to choose a mobile measurement partner you trust to actively combat these attacks. When choosing your partner, make sure you are protected from each type of mobile fraud, and that they can explain how their prevention systems sufficiently stop fraudsters from stealing your ad spend. You should also consider the dangers of SDK spoofing, and how your MMP plans to protect you from this increasingly prevalent threat.

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
Top 10 B2B Platforms to Help your Business Grow Worldwide

Top 10 B2B Platforms to Help your Business Grow Worldwide

Although the trend of a Business to Business portal is not new but the evolution of technology has indeed changed the way they function. Additional digital trading features and branding has taken the place of...

Salman Sharif
Salman Sharif 7 July 2017
Read more
Top 10 Skills to Become a Rockstar in Digital Marketing

Top 10 Skills to Become a Rockstar in Digital Marketing

Technology is continuously evolving, prompting marketers and entrepreneurs to dive into digital marketing to increase brand awareness, reach their target market, and ultimately drive sales and profit. 

Jessica Andriani
Jessica Andriani 7 September 2018
Read more
7 reasons why social media marketing is important for your business

7 reasons why social media marketing is important for your business

Social media is quickly becoming one of the most important aspects of digital marketing, which provides incredible benefits that help reach millions of customers worldwide. And if you are not applying this profitable...

Sharron Nelson
Sharron Nelson 6 February 2018
Read more
Infographic: The State of Universal Content Management 2020

Infographic: The State of Universal Content Management 2020

Marketers are wasting too much time on unnecessary content-related tasks due to siloed organisational structures and lack of technology integration. This was a key takeaway from a London Research report published...

Linus Gregoriadis
Linus Gregoriadis 30 June 2020
Read more
Promote Your Blog On These 30 Places

Promote Your Blog On These 30 Places

Social Media channels are one of the best ways to promote your blog content, but you shouldn’t stop there. Besides Social Media, there are more available places on the web which can be a great marketing tool for your...

Aleksej Đurđević
Aleksej Đurđević 7 December 2016
Read more