Google Shares Play Store Data To Stamp Out Mobile Click Injection Fraud

Google is opening up an API to stop fraudsters from stealing credit for app installs, and mobile measurement and attribution platform Tune is an early adopter.

The API, which was fully integrated into Tune’s platform Monday, enables Google to share data with partners about the exact time an app install is initiated in the Play store.

Knowing that bit of info allows attribution providers to pinpoint any fishy-looking clicks that take place between the download and the first time an app is opened, which is the point at which credit for the install is doled out.

Bad actors increasingly are trying to grab credit for app installs – organic app installs, in particular – through a practice known as click injection, primarily an Android problem, by insinuating themselves into those moments between the download and the initial open.

Android is particularly vulnerable to click injection fraud because the OS broadcasts new app-install alerts at the system level to other previously installed apps.

While those alerts are helpful for app integration and interoperability, bad actors can use malware to see when a new app is downloaded. The malware then generates fake server-side clicks from the device between when the install initiates and app is opened.

What’s insidious about this form of fraud is that it tricks developers into paying for organic installs.

“Advertisers pay for advertising, they see supposed performance, but then there’s no incremental growth of their business,” said Tune CEO Peter Hamilton.

It’s also tough to detect because it looks like the click is coming from a legit device, and that messes up analytics. App marketers are led to believe that their paid media is more effective than it is, while fraudsters take credit for installs that would have happened anyway.

Although it’s difficult to know exactly how much money is being lost to click injection, Tune reckons that it’s at least a $700 million-a-year problem with the potential to grow if left unchecked. The company estimates that click injection represents about one-third of mobile app install fraud overall.

The difference between click injection and click spamming is the precision of the operation. Spammers generate as many clicks as possible hoping that one snags credit right before an open. With injection, the fraudster knows exactly when the download is happening.

“In that instant, you only need one click to get credit,” Hamilton said.

But by combining click-to-install reports at the attribution provider level that track the lag time between a click and an install with deterministic time-stamp data from Google Play, it’s possible for Tune clients like Hotels.com to suss out abnormal click behavior and block the bad ones.

Although Hotels.com is eager to spend in the paid acquisition space, said Oliver Mills, the brand's global mobile marketing manager, "the infrastructure isn't there to scale without fear that you are shoveling your money into a big fraud fire."

It's troubling to Mills that some ad networks still aren't addressing the issue proactively, which indicates that the incentives aren't yet aligned.

"Clearly there is a substantial portion of their clients who are happy to keep spending blindly or else the ad networks would have been forced to adapt," he said. "Without a large scale change of mindset from advertisers, black hat methods will always prevail as the easiest way to reach those targets."

And, the fact is, prevention is always better than treatment, Mills said, which is why it makes sense to combat click injection at the source.

Collaborating with the platforms to cut down on app-install fraud will soon become ubiquitous across the mobile attribution space, Hamilton said.

“We’re expecting that this will become an industry standard,” he said. “Everyone working together is the only way to make sure click injection isn’t a problem any of us have to deal with anymore."

 

Add a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>