How to Avoid Fraud in Mobile App Marketing

The objective of this article is to help you, as an app developer, advertiser or network, to discover fraud in your performance based mobile campaigns. Fraud is a common phenomenon when buying mobile app users, so developers, networks and advertisers must be aware of its existence and the methods to detect and deal with it.

There are two approaches to detect fraud, a very short one and a pretty long one:

The short version: If it is too good to be true, it is fraud!

The above is obviously a generalization, but it does hold true in about 90% of cases. You can be an app developer who just launched his user acquisition campaign, getting dozens of users who even perform in app events, yet you end up finding that none of these users are real; or a network that tried a new publisher and got thousands of installs, only to find out later they were all incentivized so most of them deleted your app the same day; or a publisher who just found the hottest offer for double the rate via a less known network.
Only to find out the network was scrubbing the numbers. Therefore, the problem with this method is not its inaccuracy, it’s the lack of ability/interest to terminate a campaign just because it is too good to be true. Consequently, in most cases, you will take the extra steps to make certain you are not losing on a potentially good opportunity just because it seems too good.

Now to the most frustrating part: Most fraudulent transactions in your app (whether they are installs or in-app events) – will not be a result of malicious intentions on your partners’ end – It will most likely be a result of bad intentions of one of their partners, or their partners’ partners, or their partners’ partners’ partners… In order to deal with such traffic – You have to facilitate the right mix of technology, experience and dedicated, qualified human resources. In this article I will review how to spot each one of the fraudulent traffic types and nip it in the bud.

This brings us to the long version, so lets start.

Fraud can be divided into three different categories:

  • Forbidden traffic
  • Technical frauds
  • Networks fraud

Forbidden traffic
The most common method of using forbidden traffic is when a publisher sends incentivized traffic to a non-incentivized offer. Meaning, the publisher used low quality traffic and is expecting you to pay premium rates.

The easiest way to discover this kind of activity is by looking at the conversion rate (from click to install).
You know your product, so you should know the average conversion rates one may expect. If, for example, your conversion rate is 2.5% (and ranges +-2%), the likelihood of getting a 25% conversion rate with similar traffic is almost non-existent. Therefore, in most cases as the above, you are getting incentivized traffic.

There are several other ways to get such a high conversion rate, the most common one is by using “brand bidding” on search engines, so make sure to forbid it in your IO.

The “smart” fraud-publishers try to hide the incentivized traffic within non incentivized traffic. They usually buy cheap clicks in order to decrease the conversion rate. The best way we found to reveal this practice is by running an hourly report where you may see sharp peaks in clicks.

We, at Performance Revenues, avoid this kind of low quality traffic by using our in house technology- The KPI Hero: The technology automates the optimization process by automatically eliminating low quality traffic sources, based on the app developer’s KPIs. This means that the app developer set up an in-app event that matters the most, and our technology automatically optimizes across multiple traffic sources to reach that goal. The KPI Hero enters into action even before the users become active in the app, by detecting fluctuations in CR from click to install.

For example, an app developer sets a KPI of 25% conversion rate from app install to in-app purchase. Utilizing this technology enables us to guarantee that we only send traffic that achieves this goal, making it a CPA campaign in essence. This way the app developer doesn’t have to worry about getting low quality traffic and doesn’t even have to keep sending us feedback and optimization instructions.

The other way to use forbidden traffic is when publishers use specific sources which you don’t want anyone to use. This may be because you have already tried them in the past and lost money or because you know that this is a good source and you want to work with them directly, or when these are the types of sources that may hurt your brand.

This fraud type is much harder to discover. The best way to fight it is to try and avoid it in the first place by using an aggressive IO: For example, you may place in the IO the following sentence: “The sources below: XXX, YYY, ZZZ are forbidden. Using them will terminate the agreement and the publisher will not get paid for his traffic”.

Technical fraud
Technical fraud is based on machines that are programmed to generate mobile activity, using bots. This type of fraud is the shadiest one, as it is literally pure theft.

There are two types of such fraud: The first type can usually be identified when a network is promoting an advertiser and the conversion is registered only on the network side and doesn’t appear on the advertiser’s side. This scenario usually means that the fraudster hacked the network’s tracking platform (made the postback fire by technical means), yet there was no real transaction that took place and therefore the advertiser doesn’t see the transaction. It is pretty easy to fight such fraud: All that needs to be done is to whitelist the advertiser’s IPs, and only these IPs can launch your postback. This might push the fraudster to hack the advertiser’s
tracking platform:

By accomplishing this, the fraudster has caused the advertiser to see conversions that didn’t really happen. The advertiser can recognize such fraud when the user’s value is 0, and no actions were ever made by these users. Lots of fraudsters like to say that the “traffic was low quality, but not fraud”, however, this is pure fraud, not worth anything at all. To clarify: The conversion can be install (most common), but it can also apply to the full spectrum of in app events, which makes the app developer think that the source has high quality traffic.

The only way to fight it is by using a fraud detection tool. These tools detect and analyze several parameters per each conversion. For example:

  • IP Reputation – The IP address was historically associated with high risk characteristics like spoofing and other patterns that correspond to proxy and botnet activity
  • Hosting Provider – An IP belongs to a hosting provider’s range. Unlike regular Internet Service Providers (e.g. T-mobile, Verizon), when a visit is generated from a hosting provider’s IP, it is most often associated with automated, non-human traffic.
  • Proxy – The IP address is a known Proxy.
  • Spoofing – The user’s device and browser were manipulated to resemble a different device or browser. This technique is commonly used to produce a real life distribution of traffic and simulate traffic from multiple visitors.
  • Device Reputation – Multiple submissions are generated from the same device ID, which exhibits fraudulent characteristics.

The tool then alerts you, for example, when conversions come from abused IPs, or when there is unusual or suspicious behavior of the traffic, such as when 95% of the conversions came from Explorer for an iPad campaign or a strange geo location. These tools also rely on information that is aggregated across multiple networks, to detect specific proxies and other facilities commonly used by fraudsters. These tools provide alerts for suspected fraudulent traffic;
however the decision remains in your hands. We are using Forensiq, which is the most advanced mobile fraud detection tool. We configured it to automatically alert us on any suspicious traffic. This tool usually finds the fraud conversions well before our clients become aware of it, which enables us to inform our clients about it and deduct these numbers. Since most of our clients are used to be the ones to complain about suspected fraud to their
suppliers, this practice significantly tightens the cooperation between our companies, as it enables our clients to rely on us to detect and to terminate fraudulent activity, even without their feedback. Moreover, it saved us from paying fraudulent sources for traffic we are not going to get paid for once the advertiser analyzes the data at the end of the month.

Networks that are not using a dedicated fraud detection platform are gaining some easy revenues in the short term by getting paid for fraud traffic (and saving the cost of these tools), but eventually will be left out of the game. Advertisers are advised not to buy traffic from network that doesn’t utilize such fraud detection tools.

Recently, some tracking providers started using internal fraud detection tools, which help the app developers find the fraud by themselves. For example: Kochava and adjust. Other networks are intending to add a third party tool, like we do.

Networks Fraud
There are many networks out there. Some are decent, some fraud their clients (as you read above), and some fraud their publishers. The below specifies the latter. It is a common case to see a specific (usually a very popular) offer that many networks have at the same rate. Then all of a sudden, one network provides the offer at a significantly higher rate. In most cases this may be due to the network’s ability to get higher rates from the advertiser, however, some networks are able to extend higher payouts through deception, by deleting (“shaving”
or “scrubbing”) conversions from the publisher (and thus offering a higher rate per reported conversion).

Publishers who suspect that their network is practicing the above may detect it by running the said offer through several networks and comparing the conversion rate (Note that conversion rates may slightly fluctuate between networks due to different tracking platforms).

Another type of network fraud happens when networks don’t pay their publishers for unjustified reasons, such as claiming fraud where there is none, and networks that simply don’t pay until they vanish and leave all of their publisher’s debts unpaid. These are usually very small and shady networks or the ones that are over-flashy, promising their publishers to get rich fast. Such networks don’t have any right to exist, as they cut off the branch they sit on. So, if you see an unknown network that offers great payouts – check it out carefully, and if you can – get a prepayment.

Another point which was mentioned earlier and should also concern publishers: Networks that intentionally frauds the advertiser, by sending incent traffic to non-incentivized offers (or by other means) are also dangerous for the publishers, because eventually the advertiser will not pay the network and the publisher will not get paid. Therefore, if you are in the game for the long run, don’t do business with such networks. You can recognize them when they tell you that you may bundle incent with non-incent traffic (on specific ratio, 50-50 for example), or
when the offer pays way too high for incent traffic – be suspicious!

So remember – If it’s too good to be true, it’s usually fraud…

Contact Us