In our series on fighting ad fraud, Moloco proposes a taxonomy for the major classes of mobile ad fraud.
While the web advertising industry remains relatively mature, the mobile ad ecosystem is still very much the wild west. We still see a lot of M&A activity, many of the major companies are hiring very fast, and the industry events are lavish by any standard. From outwards appearances, the industry is quite healthy.
The multi-billion dollar secret, however, is that a lot of fraudulent behavior is the norm within the industry. As traffic passes from publishers to networks to attribution providers to your reporting dashboard, there are many points of failure. In our prior article we argued that networks are the worst actor, but we note that every time traffic gets passed along this chain there is an opportunity for fraudsters to step in. If networks got cleaned up, fraudsters would find a new attack vector.
To further complicate matters, this chain will continue to grow and adapt. This already happened when attribution providers first stepped into the scene. They existed initially to provide a referee to much of the ad fraud in the space. However, if an attribution provider could hypothetically be corrupted by fraudsters, then we may see additional links added to this chain.
Therefore, when considering a taxonomy of mobile ad fraud, we looked for a framework flexible enough to account for all the myriad ways the landscape may evolve. Here is what we propose
We propose this simple taxonomy of mobile ad fraud:
While people may argue of semantics at each stage, it is clear no install could exist outside this basic rubric. In our experience, it turns out to be quite useful, as most installs can be bucketed into these categories. Let us look:
This category includes fraud where there was an actual install but no download such as existing user, SDK spoofing, attribution bug.
This is a form of bot-based fraud. Fraudsters add code to one app that sends simulated ad click, install, and engagement signals to an attribution provider on behalf of another app.
A junk install occurs when there’s no real user behind an install. Examples include install farms, emulator, incentivized, deviceID reset.
Device ID Reset
This is the latest and not so greatest emerging source of mobile fraud. Every mobile device has its own DeviceID, which fraudsters reset between each install, to generate what looks like new clicks and, in turn, unique installs.
Installs farms are physical locations with sometimes even thousands of real mobile devices. Fraudsters click, install, and engage with mobile apps providing lucrative payouts and huge drains for victims.
This category includes fraud such as click injection, click spamming, fingerprint abuse. Here are some examples:
Click on impression
A rotten network sends out a fake click for every impression it serves (meaning a miraculous 100% click-through rate!) and attempts to poach organic installs.
This is a form of attribution stealing where someone else is getting credit for 80% of the installs you drive. This means 80% of your revenue is lost! The practice began at the publisher-level among a small number of apps and spread across apps. A more advanced form of click spam, after identifying a download of an app has begun, fraudsters trigger clicks before the organic install completes effectively receiving the credit.
Real Paid Install
If an install does not fall into these other three categories, we presently assume it is a “real install” and deserves attribution.
Do you agree with our taxonomy? Why or why not? Did we forget any forms of fraud that could exist outside this framework? Please tell us your thoughts. We believe the only way we can combat mobile ad fraud is by working together.
If you are interested in fighting ad fraud, we recommend DoubleCheck, a free anti-fraud suite that syncs with your existing MMP data. Please email us at firstname.lastname@example.org or visit http://molocoads.com/ for additional information.