One of the major segments that are targeted by fraudsters is gaming apps. Advertisers find it hard to target & map their users due to the infiltration of BOTs but the frauds in app ecosystem occur at various stages and are not just limited to GIVT (General Invalid Traffic) and SIVT (Sophisticated Invalid Traffic).
Fraud takes place at the impression level- Ad visibility and post-bid, Clicks – Driven by potential customers vs driven by BOT , at the install stage – actual Customer vs BOT simulated, and at the Event stage on soft KPIs like Login, Signups or Registration or on hard KPIs like hard KPIs Purchase and Deposits.
Let’s dive deeper to explore how frauds in app ecosystem are eating up your business and affecting your ROI.
Combatting App Fraud -Taking on the challenge
Dealing with frauds in app ecosystem requires identifying the core issues that plague the ecosystem.
In case of Publisher A, an advertiser noticed that the Conversion rate (CVR) is as low as 0.01% from 64,256,510 clicks recorded over the period of 9 days, which highlights the clear case of click spamming and a majority of these clicks are from non-targeted locations.
To understand it better, let’s consider the case of the gaming industry, In UAE, the number of users in the Mobile Games market is expected to reach 2.3m users by 2027. It has been a major target for fraudsters.
Attribution Hijacking
Publishers commonly work with attribution platforms for tracking events like installs, purchases, link clicks, etc. The fraudster acquires credit for the first/last click before the event, commonly installed in gaming apps.
By doing so, fraudsters obtain revenue from advertisers in exchange for the fraud credits. The method affects organic and inorganic users equally.
Install hijacking is commonly practiced by injecting false referrals or delivering false click reports.
Users who click on an install app are redirected to the Play Store, and whenever the user installs the app on the Android device, the other apps are alerted through Standard Android Broadcast.
Any malware installed through another app installation is triggered and builds a fake click report with install attribution towards the partner, even though it came from a media partner. Attribution hijacking is commonly witnessed in retargeting campaigns.
SDK Hacking/AKA Spoofing
Another fraud that happens through existing malware in user devices through app installation is SDK hacking.
This bot fraud spoof installs by tricking servers and providing monetary gain to cyber criminals. Brands using open-source technology or poor encryption should know that fraudsters use these loopholes for manipulating or reverse-engineering attribution codes.
Besides installs, SDK spoofing can engage signals. Identifying SDK spoofs watching out for install frauds and generating a report for fraud exposure. Ensuring secure communication between SDKs and servers, detecting behavioural anomalies, and using a solution for bot-detection.
In SDK spoofing the SDK of the app is hijacked/ controlled by the fraudsters. Since they are in control of the SDK, they can trigger any event they want too. These events are reflected on the MMP and not on the backend system.
Additionally, the only way of protecting yourself from this kind of fraud is doing an S2S integration. One of the largest drawbacks of mobile ad fraud is account takeover (ATO).
Conclusion
App fraud encompasses various deceptive practices often aimed at exploiting vulnerabilities, direct financial losses from unauthorised transactions, fraudulent charges, or deceptive in-app purchases.
Additionally, incidents of app fraud can erode users’ trust in app developers, platforms, and online services. This loss of trust can have long-term consequences, impacting user engagement, retention, and revenue streams.
High-profile cases of app fraud can tarnish the reputation of app developers, platforms, and the broader mobile ecosystem. App fraud poses significant risks to both users and businesses. To mitigate these risks, stakeholders must prioritise the implementation of robust fraud detection and prevention mechanisms. Build trust and transparency in the mobile app ecosystem. At mFilterIt, we see the issue of fraudulent installs and events across Banking, E-commerce, Delivery and Telcom apps. Try our Free Trial to understand how we can Help.
