In 2018, only 62% of all internet traffic was human. With so much activity attributed to bots, and mobile apps expected to generate $189 billion in revenue by 2020, the fight against in-app bot fraud is more critical than ever. This type of fraud affects all verticals, but Gaming and Ecommerce are hit the hardest. Bots can reach impossibly high scores in gaming apps and swipe limited edition products from Ecommerce apps within a matter of seconds. Both of these scenarios prevent users from having the optimal user experience, and could even cause them to uninstall your app for good. Furthermore, these are just two examples of the many ways bots can be used for a fraudster’s benefit.
Without sufficient protection, it’s likely that you are already losing out to in-app bot fraud. It is therefore critical to understand the ways bots can ruin your app’s user experience, in-app economy, and brand reputation. In this article, we explain how in-app bot fraud works, the multi-faceted impact it can have on Gaming and Ecommerce apps, and how anti-bot protection enables you to fight back.
What is in-app bot fraud?
In-app bots are programmed to act like real users, carrying out specific in-app events that benefit the fraudster. They can tirelessly complete these in-app tasks, making them a powerful tool for any fraudster looking to perform actions at a humanly impossible rate. This fraudulent activity can be used for various incentives, resulting in any number of negative outcomes: ruined user experience, lower retention rates, credit card fraud, users being sent spam, the takeover of accounts entirely, and many others (explained in more depth below).
Bots are now sophisticated enough to accurately imitate user behavior and go undetected by traditional detection methods. However, there are still signs that can signal that an app has been compromised by bots. At the most simplistic level, you can discover bots in your app by looking out for unusual user comments and other interactions. If you have an active community, you can also check forums and social media updates to see if your users are discussing unreported irregularities.
Just like with mobile ad fraud, in-app bot fraud occurs when incentivized. The initial challenge is to discover ways in which you can distinguish bots from real users, followed by attempts to remove those bots and prevent more from entering your app. However, learning to detect bot traffic is a huge task to perform in-house, putting a strain on resources that could be spent elsewhere. To be sure that you are fully protected against in-app bot fraud, you need a bot prevention solution that can accurately identify the difference between in-app bots and genuine users.
How do in-app bots pose a threat to Gaming and E-commerce apps?
Because bots affect apps of all verticals, it’s critical to understand how they can compromise your app and how damaging this threat can be for your long-term goals. Here are key examples of how Gaming and Ecommerce are affected by this type of fraud.
How do bots affect Gaming apps?
According to a poll by mobile strategy agency Tappable, the smartphone is the preferred gaming device of 42% of gamers – but even the most dedicated mobile gamers won’t hesitate to uninstall a game that’s spoiled by bots. These attacks are often tailor-made for a specific app to ensure they appear to be genuine users. For mobile games, bots can wreck business models and ruin the gaming experience in several ways, including:
Negative impacts on your gaming community: Chat features, forums and content sharing are great ways to increase engagement and allow users to have shared enjoyment of your game. Building a community of devoted gamers will also boost retention, offering your users a unique gaming experience that can be enjoyed with others. However, bot fraud threatens to compromise this essential component of your mobile game. For example, if your leaderboards are dominated by bots, that’s going to demotivate users from competing. When the issue becomes widespread, it won’t take long for users to share their negative experiences within the community. (For numerous examples, google any popular game along with the word “bot”.)
Destroying your game’s in-app economy: Fraudsters can also ruin your mobile game with bots by affecting your in-game economy. This occurs when users purchase bots to play the game for them. These bots can often be purchased by subscription: All the hard work has been done, whereby you have engaged a user enough for them to want to progress through your game, and then – at the final hurdle – that revenue is going to fraudsters instead.
The extent to which bots can harm gaming economies was highlighted earlier this year when Partypoker, the second biggest online poker site, purged 277 bot accounts. As a result, a payout of $734,852.15 was distributed between the victims of those abusive bots.
Damaging your brand: In addition to creating an unfair, frustrating user experience, bots will also do huge damage to your game’s brand. The impact can be long-lasting and hard to overcome: not only will gamers uninstall your game, they might also be discouraged from installing other games associated with your brand.
How do bots affect E-commerce apps?
Smartphones will account for 34% of all e-commerce sales in 2019, with shopping apps generating 5.7 billion downloads in 2018. Every retailer’s goal is to make the most of this activity by simplifying the user experience and ensuring mobile users can purchase without having personal details compromised. However, bot fraud threatens to negatively impact your E-commerce app in the following ways:
Log-in attacks: If users are required to have accounts to make a purchase, there will be bots implemented to try and gain access. These bots will use lists of stolen information to hack into user accounts. Once they have gained access, they can use saved credit card details to purchase products. This creates a worst-cast experience for your users that will also be damaging to your app’s reputation.
Swooping up high-demand products: Limited edition and exclusive products should be a major incentive for users to download your E-commerce app. However, if in-app bots target an app without anti-bot software, users won’t have a chance of ever purchasing those items. This is because bots can be programmed to swipe the most in-demand items well before a human could make a purchase.
This isn’t just a disincentivizing experience, it also forces legitimate users to purchase those items elsewhere – at a marked up price. Founder and CEO of Need Supply Co., Chris Bossola, outlined why this can be so damaging, stating that “if one person buys 40% of the product just to resell it, it’s not a good customer experience for anyone.” In addition to this, he explains that it’s not helpful for any company because – despite the sale – “those people are not reliable customers who provide long-term value.”
Moreover, when bots become the only way to buy certain products upon release, would-be legitimate users are also using bots to try and claim these products. On the March 29, the top paid-for app on the App Store was the “Supbo”'— a bot designed to help users get the latest Supreme products before other shoppers.
Skewed analytics: In-app bot fraud can cause spikes in traffic from whichever region the bot is programmed. Without knowing that this measurement has been compromised, you will mistakenly believe that there’s an interest in a particular product in that region. There’s a danger this error will cause you to waste resources and adapt your retargeting strategy using compromised data.
When your analytics have been skewed by bots, you’ll have to take certain measures to prevent this activity. For example, you’ll need to implement more rigorous security procedures. While this can limit the number of bots in your app, it’s also adding extra steps to your otherwise streamlined user journey.
Fake news: Bots can also be used to generate fake reviews for products at the fraudster’s will. This happened to Amazon earlier in the year, when the online retailer was flooded with automated fake reviews for products by unfamiliar brands. This caused genuinely popular household names to lose their place among the best reviewed products, and ultimately mislead users. In similar circumstances, fraudsters can use automated reviews to damage the reputation of their competitors while bolstering their own.
What's the best anti-bot prevention solution?
Despite the many ways in which bots can be harmful to your app, there are anti-bot solutions that can sufficiently protect your app. Because bots are designed to simulate human behavior, using machine learning to register legitimate human behavior is the best way to stay one step ahead of the fraudsters.
Compared to desktop computers, human behavioral patterns when using mobile devices are complex – a factor that can be leveraged to distinguish bots from humans. For example, real users will scroll and tap their device in irregular patterns that are extremely difficult to simulate. Users also perform in-app actions in several locations throughout their day and will not always hold their device in the same way. For accurate bot detection, machine learning can be used to compare these real behavioral patterns with a bot’s behavior. While this is a huge undertaking for a company to replicate in-house, Unbotify offers a bespoke solution that leverages anonymized sensor data to identify bots from legitimate users (while also remaining fully compliant with all data privacy regulations). This includes the device’s accelerometer, light sensor, touch events, and battery status.
A bespoke solution that protects your app’s reputation
Because Unbotify learns your app’s natural user-flow, the behavioral patterns used to determine whether a user’s legitimacy will be individually tailored to your app. Moreover, the specialized machine-learning model is created so that bot detection works in real-time. With Unbotify, developers can weed out harmful bots with ease – taking back control and stopping fraudsters in their tracks..
Unbotify has a track record in working with some of the biggest Fortune 500 companies to provide the best possible bot prevention solution. To learn more about our anti-bot solution, take a look at the official Unbotify product page. We also have a complete guide to Unbotify available to download here.
If you are interested in learning about other types of fraud, you can read our definitions for click spam, click injection, and SDK spoofing. We also have an article outlining the difference between click spam and click injection, and a complete guide to SDK spoofing. You can protect your ad spend from these types of mobile ad fraud with Adjust’s Fraud Prevention Suite.