Ronen Mense, VP APAC at Appsflyer presents at our Developer Series at China Joy 2017 - giving a comprehensive look at the state of mobile ad fraud today and how advertisers can best combat it.
3. #1Global market leader in mobile
attribution & marketing
analytics
500B
Mobile actions measured
globally per month
65%Market share according to 4
independent studies
300 staff
Across 13 offices globally
15,000+Customers
9. IP, user agent filtering
(blacklisting)
Basic Protection
Industry fights back, focusing on
real time protection
Install &
receipt validation
Distribution modeling
(mean-time-to-Install)
Intro AppsFlyer
Intro to Basic Fraud
Intro to Adv. Fraud
Why is this so dangerous? Bleeding Cash
How to fight back?
2 solution classes: basic (anomalies) & advanced (big data)
Used for Prevention & Detection
Real-time prevention is not enough
You must ask yourself how are tom & jerry connected to mobile ad fraud?
Even in CPA fraud, a basic approach relies on pre-programmed bots that follow a specific engagement pattern (which is also easily identified), trying to improve their retention and engagement rates. Others attempt
Active IP, user agent and device ID filtering. Algorithms actively monitor mobile ad interactions to automatically verify legitimate activity and catalog suspect or mismatched IP addresses, user agents and device IDs. BUT An IP can easily be switched (if door is closed, enter through the window), while a device ID can be reset.
Receipt & install validation: connecting to the app store’s servers to validate the legitimacy of an install or in-app purchase
Distribution modelling. Big data models are capable of detecting anomalies such as mean-time-to-install (MTTI), geographic distribution, click volume by IP address and device ID, user agent versus IP benchmarks and more. As with any machine learning, scale of data is extremely important so the larger your provider’s scale, the more data an engine can train on to deliver effective results.
In click-flooding, criminals send a massive number of clicks, hoping to deliver the last click before an install.
Install hijacking, also known as click injection is a type of mobile fraud that uses malware to send fraudulent click reports during the install process. Like click hijacking, this malware is often hidden in apps that otherwise appear legitimate as well as apps downloaded via third party-app stores.
DeviceID Reset Marathons is when criminals perpetrate DeviceID Reset Fraud at large scale. By clicking on real ads, installing the actual apps, and engaging with the apps, in massive, scaled device-farms, fraudsters generate seemingly legitimate activity. During a DeviceID Reset Marathon, fraudsters reset their DeviceIDs between each install at incredible scale, generating a tremendous amount of traffic from New DeviceIDs while bypassing real-time anti-fraud protection measures.
Many criminals attempt to hide their install fraud by enabling Limit Ad Tracking on their devices
Two reasons
With new types of fraud, fraudsters can claim real, organic and engaged users.
The ROI looks amazing.
Marketers don’t ask questions. CEO put more money in. Bottom line
Mobile fraud detection encompasses a set of technologies and reports that help mobile marketers identify fraud. Whereas mobile fraud protection uses a variety of rules and signals to block fraud in real-time, many advanced types of fraud require deeper analysis to detect based on a combination of big data - really big -, real-time machine learning and AI
On top of install validation + IP filtering, you need device level protection:
Automatically Block Fraud Devices
20+ cross-publisher data-points
Analyzed by DeviceID
Updated Daily
Mobile fraud detection encompasses a set of technologies and reports that help mobile marketers identify fraud. Whereas mobile fraud protection uses a variety of rules and signals to block fraud in real-time, many advanced types of fraud require deeper analysis to detect based on a combination of big data - really big -, real-time machine learning and AI
Click to Install Times spread out evenly or follow highly linear patterns
Detection requires macro view of CTIT (increments of hours or days)
low click-to-install conversion rates and/or high contributor rates.
5 seconds block but in 10-15 seconds some are legit! Need very short increments
Detection requires granular breakdown of CTIT (increments of a few seconds)
High install rates from New Devices or ones with Limited Ad Tracking
15-20% at most new install rate
Detection requires device-level insights powered by a massive, global Anti-Fraud Database
High install rates from New Devices or ones with Limited Ad Tracking
Detection requires device-level insights powered by a massive, global Anti-Fraud Database
reen = can be real-time / orange = can be partially real-time / red = can't be real-time
Ctit, install validation, low conversions and more ways to automatically block click fraud
Click redirection and forced clicks you have to look at publisher level and find anomalies
Mislabled incentized traffic: need to find the anomalies
Click hijacking / install hijacking
So yes this is a game of cat and mouse but we need to make sure that this is where we are at - always staying ahead of the curve as it moves very very fast