Kochava  Track-And-Measure-Your-App-Growth

Busting nine of the biggest myths in app install fraud

Mobile Marketing - Member Content

App install fraud is much more common than most marketers realise. The team at Machine explains why so many people assume they're unaffected, and what they can do to avoid it.

If you’re paying for app installs, you’re paying for fraudulent app installs. It’s as simple as that. But there are some common misunderstandings in the industry, which can convince marketers they don't have a problem. As the only company dedicated to stopping app install fraud, Machine is here to bust the biggest of those myths.

Myth: “My app installs have great in-app performance – what’s fraudulent about that?”
This is the most common myth we hear and definitely the hardest one for marketers to accept. Unfortunately, the fact that your app installs are real and performing well, doesn't mean you should be paying for them.

It might sound counterintuitive, but this is how attribution fraud works – stealing the attribution from high performing organic installs. There are a couple of methods a fraudulent supplier will use – such as, install hijacking and click stuffing – to take advantage of the last-click attribution model.

Whatever methodology used, the end result is that marketers pay for installs they would have received anyway. Effectively, buying app installs they already own. Stop attribution theft and you’ll pay a lot less, but get the same install volumes and the same in-app conversion results.

In the first five months of 2018, Machine analysed over 22.4m app installs. 32.3 per cent of them were detected as being a result of attribution theft.

Myth: “Click volumes don't matter to me. My ad network told me it was technical problem.”
When you’re buying app installs on a cost-per-install (CPI) basis, why should you be worried about the click volumes? You’re not paying a cost-per-click so it’s not costing you anything, right? Wrong.

Quite often, when advertisers question high click volumes with their ad network ‘partners’, we often hear the excuse “oh, you don't need to worry about those clicks. It’s a technical fault, ignore them.” If you hear this, you definitely should be worried.

It’s a similar situation to one we laid out in the first myth above. High volumes of clicks – and low number of installs – from a single publisher ID is a sign of click stuffing. Fraudsters are trying to game the last click attribution model, sending through thousands of fake clicks in the hope an organic download happens at the same time, so they can steal attribution of a legitimate app install.

Myth: “I don't spend enough on app installs to be affected by fraudulent app installs.”
It’s true that the big spenders – who spend millions every month paying for app installs – lose the most money to fraudulent app installs. However, in percentages, it’s actually the smaller app business which lose out the most.

Big-spending verticals like gaming and gambling are in most cases – though certainly not all – well aware of the problem, and use services like Machine to protect themselves.

I guarantee, if you’re buying app installs from the market and you’re unprotected from fraud – or have a simple off the shelf product – the majority of what you’re buying is fraudulent. We’ve seen plenty of cases where the app installs are 100 per cent fraudulent.

Myth: “I only run my campaigns in the UK, so app install fraud doesn’t affect me.”
Many of our clients believe that high levels of fraud primarily affect campaigns running in Asia, Russia and the Middle East. In one way this is true – the fraud does often originate from these regions.

However, VPNs (Virtual Private Networks), as well as allowing us to all watch Netflix on holiday, also enable fraudsters to mask their real location and deliver fraudulent installs anywhere across the globe. We see similar levels of fraud in Europe as we do in Asia – regional targeting offers no protection.

Myth: “Demanding publisher transparency will keep my campaigns safe.”
I can definitely see the logic behind this belief; having an actual publisher name rather than a string of random numbers provides some assurance. It’s tangible.

But as a publisher, I’m solely responsible for providing a network or exchange with that name, and there is no form of verification for app inventory. It definitely requires a bit more effort for a fraudster to spoof lots of publisher names, but the actual process is ultimately no different to providing a string.

Recently, News UK estimated that marketers are wasting $950,000 (£739,000) per month on domain-spoofed inventory – fraudulent publishers presenting themselves as valued, known content. Publisher transparency doesn’t solve the fraudulent install issue, or provide any true control over environment.

Myth: “I’ve got several fraud rules in place to manage app install fraud across our campaigns. I don’t need to worry.”
For some time now, advertisers have been working to reduce the number of fraudulent app installs occurring across their campaigns, by implementing probabilistic rules. For example, disputing all installs from publisher with an install rate over 10 per cent, or disputing all installs from a publisher with a click-to-install rate of under 0.05 per cent.

Of course, by not paying for installs that break these publisher-based rules, some fraudulent installs will be caught – and, better yet, not paid for. However, without using advanced data sets to analyse each individual install, these rules will only ever catch a fraction of fraudulent installs.

This is because these rules make broad assumptions about publishers and apply a one-size fits all approach to fraud detection. With many sub-publisher IDs encompassing multiple sources, advertisers utilising broad publisher-based rules can actually end up blocking genuine and valuable traffic.

By applying a deterministic approach to app install fraud analysis, Machine has increased the volume of fraudulent installs detected across campaigns by an average of 70 per cent versus a traditional publisher-based rule methodology.

Myth: “I dispute any install that delivers with a click-to-install time of under 15 seconds. Click Injection isn’t a concern for me.”
For many of the advertisers that we speak to, a click-to-install time below 15 seconds (or sometimes even 10 seconds) is deemed too fast, and a sign of click injection or install hijacking. We fully agree – 10-15 seconds is definitely too fast for a legitimate install to take place. However, when we ask whether an advertiser has run tests to determine what the quickest possible speed to actually download their app is, the answer is almost always no.

Having carried out many of these tests at Machine, using different-sized apps across a variety of devices and connection speeds, we have found that it is not possible to click on an ad, go to the app store, download and install the app, and open it in less than 30 seconds as an absolute minimum – and often much more time is needed.

It’s for reasons like this that rule-based app install fraud detection is not a reliable approach, even when looking at installs on an individual basis.

Myth: “I’m buying on a CPA/CPE – I don’t have to worry about fraudulent app installs because I only pay for completed in-app events.”
This is one of the most common misconceptions among marketers running app install campaigns. It’s understandable – why should you worry about fraudulent installs when you’re only paying for those that convert?

Unfortunately, paying out only on a post-install conversion basis does not provide any protection for advertisers’ marketing budgets, as conversion events can be fraudulently generated as easily as the installs themselves. There are plenty of ways for the fraudsters to do this.

Via attribution theft – whether utilising click stuffing or click injection – fraudulent sources can effectively steal attribution for organic installs and then get paid out on the inevitable in-app events, driven by genuine users who would have downloaded and used the app of their own accord.

Install farms are constantly evolving and becoming more sophisticated, with a stronger focus on driving post-install events, in a bid to appear more genuine in their user patterns.

And finally, there’s bot delivery, whereby programmes will not only imitate app install delivery, but go on to mimic app opens and usage on a regular basis in order to fake the converting event and mimic a valuable app user.

Myth: “I only work with Premium/SDK ad networks, so I must be safe.”
We hear this regularly, and carefully vetting your preferred suppliers is absolutely the right approach. Your network partners assure you that they are only providing direct traffic sources, but the reality is that this will likely make up just a small proportion of what you are supplied with.

In the first four months of 2018, Machine analysed app installs from 88 networks, and only one of them was able to deliver fraud levels of less than 10 per cet fraud. For 11 of the networks, 90 per cent of their installs were fraudulent.

Ultimately, it all comes down to the individual networks’ degree of control – or lack of it – and one of three things will be happening behind closed doors:

  1. All traffic is indeed direct and therefore control is reasonable. However, the network will almost certainly be infiltrated by some fraudulent publishers (attribution theft). It is, unfortunately, unavoidable.
  2. Some of the traffic is direct, some of it is re-brokered – and control is relatively low. In this instance the network will be infiltrated by fraudulent publishers, install farms and botnets.
  3. The network has no direct traffic and all delivery is outsourced to third parties. Who outsource to other third parties. Who outsource to other third parties. Who... you get the idea. These re-brokering chains can be frighteningly long. Control is non-existent and you will be attacked by every single fraudster who can get their hands on your marketing budget.

In my experience, scenario two and three are the most common – and if that’s the case, how can you, as a marketer, expect to achieve any certainty?