Article

Categories B2B, Mobile

From Click Spam to Click Injection: How to Detect Different Forms of Mobile Click Fraud

Digital ad fraud has been estimated to cost advertisers up to $19 billion a year, with video and mobile counting as the highest-risk channels. Mobile ad fraud is a widespread threat that affects all verticals, so it’s imperative that you have sufficient fraud prevention tools in place to protect your ad spend and maintain reliable data. In this article, we’ll define the two most common forms of attribution manipulation (click spam and click injection) and detail how they can be detected.

Digital ad fraud has been estimated to cost advertisers up to $19 billion a year, with video and mobile counting as the highest-risk channels. Mobile ad fraud is a widespread threat that affects all verticals, so it’s imperative that you have sufficient fraud prevention tools in place to protect your ad spend and maintain reliable data. In this article, we’ll define the two most common forms of attribution manipulation (click spam and click injection) and detail how they can be detected.

What is click spam?

Mobile attribution manipulation fraud is a term that encompasses click spam and click injection fraud, whereby fraudsters attempt to steal an advertiser’s marketing budget by falsely claiming to have influenced an app install.

Click spam is performed by generating fake clicks on behalf of (but unbeknownst to) real users. Once a user opens an app (or mobile web page) that is being utilized by fraudsters, fake clicks can be generated in the background to appear as if the user has engaged with an advertisement. Fraudsters can perform these clicks anytime the app is active, which is why they are more likely to abuse apps that require constant activity, or constantly running apps (such as memory cleaners). The important takeaway when learning about click spam is that regardless of method, the user very likely won’t see an ad and they never actually engaged with one, so any attributed activity cannot be legitimately be attributed to these fake ad engagements.

This is particularly damaging because click spammers are poaching organic users: the most valuable users to your app. The impact is twofold. Firstly, this results in advertisers paying for what was rightly theirs without payment. Secondly, click spam compromises an advertiser’s analytics. creating unwarranted expectations for the retention and CPI of paid traffic.

How is click spam detected?

Click spam occurs on a massive scale, so mobile measurement partners do their utmost to protect clients from these attacks. This can be done by looking at click distribution because click spamming sources can’t behave in the same manner as genuine traffic. Your everyday, legitimate distribution will typically show a large quantity of conversions within an hour after the ad engagement (click), followed by a fast reduction. In contrast, click spam sources will show a random distribution of conversion times in your data because they have no control over when the install is finalized by the user – meaning that their CTIT graph will display as a flat distribution.

However, while it is useful to detect click spam after the fact, it is less strain on an advertiser’s resources if click spam is detected before attribution. This way, the cashflow to fraudsters will be cut, no makegoods need to be negotiated and budgets stay actionable for legitimate campaigns. Therefore, it’s important to speak with your mobile measurement provider about sufficient click fraud prevention, not just detection.

What is click injection?

Click injection is another term that falls under the umbrella of mobile attribution manipulation fraud. If fraudsters have access to an Android app, they can listen to package_added broadcasts to know when other apps have been downloaded. Android broadcasts exist as a useful messaging system across apps, but they can also be abused by fraudsters. This is because Android apps can subscribe to receive broadcasts for events that may be of interest (you can learn more about broadcasts from the Android system and other Android apps by reading the official overview). Fraudsters can also listen to package_added broadcasts by creating their own app.

Another common click injection method is the Content Provider Exploit. This is when fraudsters claim attribution by injecting a click after a user clicks to install (via Google Play Store) but before the app is downloaded and opened. Both methods allow fraudsters to trigger clicks before the install is complete – ensuring that they receive credit for that install. Just like other forms of click fraud, click injection fraud steals an advertiser’s budget and compromises their data. It is another way in which organic installs are wrongfully paid for by the advertiser.

How is click injection detected?

In order to detect click injection, mobile measurement partners need to track timestamps for when a user started an install (install_begin time) and when an install is finished on the device (install_finish time). With access to this information, they can prove the user’s intent to install came before the fraudulent claim. Those claims can, therefore, be detected before attribution, meaning that your ad spend is safe from click injection fraud.

Fraudsters are always looking for more sophisticated means of stealing an advertiser’s budget, so it’s important to choose a mobile measurement partner you trust to actively combat these attacks. When choosing your partner, make sure you are protected from each type of mobile fraud, and that they can explain how their prevention systems sufficiently stop fraudsters from stealing your ad spend. You should also consider the dangers of SDK spoofing, and how your MMP plans to protect you from this increasingly prevalent threat.

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
10 Digital Marketing Trends for 2019 you Should Know

10 Digital Marketing Trends for 2019 you Should Know

As digital trends evolve every year, marketers should always be aware of the changes in order to easily adapt with emerging technologies and stay ahead in the market. This will help them gain a competitive edge and...

Georges Fallah
Georges Fallah 27 December 2018
Read more
7 reasons why social media marketing is important for your business

7 reasons why social media marketing is important for your business

Social media is quickly becoming one of the most important aspects of digital marketing, which provides incredible benefits that help reach millions of customers worldwide. And if you are not applying this profitable...

Sharron Nelson
Sharron Nelson 6 February 2018
Read more
What Marketing Content Do Different Age Groups like to Consume?

What Marketing Content Do Different Age Groups like to Consume?

Today marketers have a wide choice of different content types to create; from video to blogs, from memes to whitepapers. But which types of content are most suitable for different age groups?

Lisa Curry
Lisa Curry 21 October 2016
Read more
Digital Marketing Vs. Traditional Marketing: Which One Is Better?

Digital Marketing Vs. Traditional Marketing: Which One Is Better?

What's the difference between digital marketing and traditional marketing, and why does it matter? The answers may surprise you.

Julie Cave
Julie Cave 14 July 2016
Read more
Top 10 Skills to Become a Rockstar in Digital Marketing

Top 10 Skills to Become a Rockstar in Digital Marketing

Technology is continuously evolving, prompting marketers and entrepreneurs to dive into digital marketing to increase brand awareness, reach their target market, and ultimately drive sales and profit. 

Jessica Andriani
Jessica Andriani 7 September 2018
Read more