This is the first in a series of deep dives from AdExchanger on mobile fraud, including guides to fraud tactics and threat vectors and practical solutions from advertisers in the growth and user acquisition trenches.
Ad dollars are flowing to mobile and fraudsters have noticed.
App-install fraud alone is estimated to have cost mobile marketers around $2 billion last year, and while it’s difficult to pin down exactly how much mobile ad fraud is happening across the entire ecosystem, upward of 40% of mobile app inventory is fraudulent (Marketing Science), and nearly a quarter of mobile ad networks have fraud levels over 20% (Tune).
As a result, some of the more sophisticated advertisers are scrutinizing their partners, and they don’t like what they see. Expect more lawsuits a la Uber, Fetch and Phunware as the year progresses.
But while lawsuits make good headlines, they won’t fix the root issue: The mobile performance industry is highly vulnerable to fraud and the only way to effect change is for everyone to get wise.
But some advertisers make it their business to ask questions, and others should take a page from their playbook.
Hardcore performance advertisers such as game developers, especially the free-to-play guys, are among the savviest when it comes to digging into the numbers, said Saikala Sultanova, director of user acquisition at Ubisoft.
“We’ve got to be meticulous,” she said.
Although Ubisoft pays for the majority of its campaigns on a CPI basis, Sultanova and her team know exactly how to calculate the value of a newly acquired user by looking at in-app events, such as completed tutorials, in-app purchases or first-time purchases, and tying them to ROI.
Ubisoft and its attribution partner AppsFlyer look for red flags in the reporting, like too many installs coming from the same IP address or super-short download speeds.
Measurement is also becoming increasingly hamstrung on the mobile web with initiatives like Apple’s Intelligent Tracking Prevention for iOS 11 that limits visibility into around 30% of mobile browsing in the US and makes it difficult for marketers to know if their campaigns are fulfilling their KPIs.
But app-install fraud is particularly tricky to measure because finding it is an “inexact science,” said Dan Koch, CTO of mobile measurement provider Tune. The best way to detect it is through pattern recognition and hunting for actions and events that may not always represent fraud in specific cases but are dubious when viewed in the aggregate.
Fraudsters are adept at sneaking into these cracks.
For example, it’s possible but not probable that someone will suddenly decide to download an app six days or a week after clicking on an ad. What’s more likely happening is a case of click injection, in which a bad actor swoops in to take credit for an organic install at the last moment.
The buying metrics that advertisers use for their install campaigns add to the murkiness. When advertisers run campaigns on a CPI basis, they’re basically broadcasting to the fraudsters exactly what they need to do to get paid.
“Click spam works even better on CPI than cost per click because most people don’t even know they’re being defrauded,” said Andreas Naumann, a fraud specialist at app attribution vendor Adjust.
Some more discerning advertisers are starting to pay out on cost per action, like download plus first open. But even that won’t help, Naumann said. The fraudsters will just spoof the first open.
So what are advertisers supposed to do? Analyze KPIs all along the user funnel, look for anomalies, keep tracking downstream metrics and stay vigilant.
“It’s an unpopular answer, but the silver bullet doesn’t exist to fix this problem,” Naumann said. “The real fix is to realize that you need to pay attention to what’s happening from the first impression all the way through to the hundreds of events that happen after the install. There’s just no substitute for that.”