The fraudster’s bag of tricks runneth over. Bidel’s report cited bad traffic, domain laundering, in-app ad stacking, phantom apps – when a user clicks to download an app, only to find that the app doesn’t exist but the click was recorded – mobile emulators and shady redirects as issues already plaguing the mobile ecosystem.
But mobile location data spoofing is a particularly prime example.
“Location is increasingly important on the mobile side for targeting and offline attribution purposes,” said Michael Tuminello, director of product at video platform Innovid. “But mobile location data is frequently inaccurate due to the lack of standards and a complicated ecosystem.”
Adding GPS coordinates to a bid request ups the price, and in some cases it’s legitimate, but a lot of the lat/long information available on the open exchange is coming from players who have no business providing it.
Location spoofing isn’t black and white, however, said Alec Greenberg, VP of media operations at Dstillery.
For example, when an app asks a user to share his or her location and that user declines, the app still gets some sort of data – albeit general information like, ‘This person is in Brooklyn" – relayed from a local cell tower. Broad data like that is far less useful in terms of driving foot traffic than precise lat/long data – it's also not opt-in, considering in that case that the user had declined to share location data – but Greenberg isn't convinced the players purveying it are necessarily always malicious rather than just opportunistic.
But the end result is the same and Dstillery isn’t taking any chances.
“We throw out 50% to 70% of all the GPS coordinates we see every day because they’re questionable,” Greenberg said. “That’s a huge percentage.”
Much of mobile fraud detection is about patterns. Take “mean time to install” (MTTI), a term coined by mobile analytics company Kochava to describe the average time it takes between when a user clicks to download an app and when that user launches it for the first time. A dating app generally has a low MTTI, sometimes just a few hours, whereas a finance app can have an MTTI of seven days or more.
If a large percentage of users coming from a certain subset of publishers within a specific ad network open a finance app within an hour, that’s a clear indication that something isn’t kosher.
“There is a correlation between MTTI and the lookback window that an advertiser sets up to give credit to the network that drove the install,” said Kochava CEO Charles Manning. “That’s why it’s important to establish a baseline MTTI so you can understand what a high-value user does and what their true intent is.”
Apsalar noticed something similar when it examined the relationship between app-related clicks and conversions by geo. A country like Germany, for example, has a roughly 5% in-app conversion rate with nearly no click fraud to speak of. But in France it takes users 20% more clicks than users in Germany to convert, what Apsalar CEO Michael Oiknine referred to as an “overclick rate.”
In countries like India and Hong Kong, however, the overclick rate spikes astronomically. It takes users, or more likely bots, in those countries around 1,000% more clicks than users in Germany to reach the same conversion.
“Sure, maybe people there are just clicking more,” Oiknine said. “But to my mind, this kind of differential tells you that something is going on. To us it feels like a proxy for the level of fraud in the country.”
But all it takes is a Google search to prove that mobile fraud is reaching an unfortunate maturity.
“Type ‘purchase web traffic’ into your browser and you can see for yourself how many botnets are out there,” Yarnall said. “Now type in ‘purchase mobile traffic’ or ‘purchase app downloads’ and you’ll get millions of results for people willing to sell. Some of those people will be honest and some are going to be really shady.”
If you know what you’re getting, that’s one thing. But if you think you’re buying a luxury sports car and all you’re getting is a jalopy with a convincing new paint job, then it’s fraud. That’s how Kochava defines it, anyway.
“Any traffic that purports to be one thing and it actually something else – that’s fraud,” Manning said. “If you think you’re buying non-incentivized traffic and there’s incentivized 'Candy Crush' traffic in there, it might not be the ad network’s fault, but it is fraud.”
When Kochava detects an outlier or mislabeled blended traffic, it alerts the advertiser. From there, the advertiser can decide to take action or not.
“We proactively observe what’s going on and we alert the customer when we see it happening,” Manning said. “But we don’t just drop the click. At the end of the day, we’re a measurement company, not the jury. How you deal with the information we give you as an advertiser is your thing.”
Fraud, mobile or otherwise, is a moving target and will remain so, said Yarnall, and every industry stakeholder needs to share responsibility.
“You’re never going to see a level set for non-human traffic. When a scammer sees something working, they’ll take it and run with it as far as they can go – and then they move on,” Yarnall said. “It’s like an eternal game of whack-a-mole. The perpetrators of fraud are always going to be there."