App Install Advertising Underworld
August 28, 2017
than five percent of app installs from non-premium ad networks are
fraudulent, costing mobile marketers up to $300M in ad spend every year.
A report, The Underworld of App Install Advertising, is based on the
analysis of 140 million app installs and 11 billion user events between
January through May of 2017 and dives into the most recent fraud
techniques and attack patterns in mobile user acquisition advertising.
The study analyzes fraud in the wild from more than 490 ad networks and
publishers, and focuses on the widely understudied issue of app install
fraud as well as provides critical steps for advertisers to effectively
combat the growing army of sophisticated fraudsters.
Over the past several years, the user acquisition strategy of mobile
marketers has shifted to a cost-per-install (CPI) and
cost-per-engagement (CPE) model to enable direct attribution of
marketing investment to user growth. Fraudsters, to capitalize on this
new opportunity and net rewards nine times that of a fraudulent clicks,
are inserting themselves into the ad supply chain in the form of fake
sub-publishers and farm or steal clicks and installs using a variety of
tactics and techniques, including install farms, mobile device
emulators, click injection apps, and more.
“As we look at fraudsters across various industries, one thing remains
the same - there are more tools available than ever for sophisticated
criminals to skirt detection and they are taking full advantage of
them,” said Ting-Fang Yen, director of research, DataVisor. “As more
money is poured into mobile advertising, the incentive to try and steal
it grows. Mobile marketers around the globe have to be vigilant in
protecting their ad spend and making sure the users they pay for are
legitimate, otherwise millions of dollars are wasted on fake users,
seriously impacting both your budget and bottom line.”
Bad Actors Give Oscar-Worthy Performances
As marketers have grown less trusting of “per install” incentive ad
campaigns, they have increasingly used campaigns that pay for active
users rather than simply installs. To go undetected, sophisticated
fraudsters are becoming really good at simulating the behaviors of
normal users and performing in-app events, or opening the app multiple
times after download. DataVisor found that more than 84 percent of
fraudulent installs generated at least one in-app event after
downloading. Additionally, 29 percent of fraudulent installs return to
the app during the second day, and 18 percent return in seven days. The
fact that fraudsters are artificially generating app opens and other
retention events at a rate even higher than that of legitimate users
demonstrates the lengths criminal organizations will go to cash in on ad
budgets, using a combination of human labor farms and bot-based scripts
to emulate real engagement.
All Campaigns Are Not Created Equal
While the overall fraud rate average across all ad networks is 5.3
percent, fraud rate varies widely within each ad network, fluctuating by
more than 50 percent over time. More importantly, many of these ad
networks can have upwards of 90 percent fraud rate for individual
campaigns, so an ad network that worked well for a previous campaign is
not guaranteed to work well for another. Therefore, marketers must
remain hyper vigilant during each ad campaign to ensure that the
inventory they are receiving is coming from legitimate users.
The Issue is Worldwide
data pulled from the DataVisor Global Intelligence Network, it was clear
to see how this type of fraud impacts countries around the world.
DataVisor discovered install fraud originates from more than 240
countries and territories, demonstrating this is a problem that plagues
advertisers worldwide. Of the top countries by install volume, DataVisor
found that the countries with the highest fraud rate include developed
countries in North America and Europe, likely due to bigger payout for
installs in those regions. The top countries with the highest fraud rate
during the period of study are Saudi Arabia (15.8 percent), India (7.8
percent) and the USA (6.5 percent).
DataVisor also analyzed the most popular device types and cloud services
for fraud, finding that use of cloud services for user acquisition fraud
is three times higher than that of social or financial fraud and more
than 20 percent of all fraudulent installs originated from a cloud
hosting provider. From a device standpoint, Android devices are the
preferred tools for conducting install fraud, used five times more often
than iOS devices.