Now let’s cover each type in a little more detail.
As we mentioned earlier, spoofed ad engagements started out with simple Click Spamming and its variations like ‘click stacking’, ‘views as clicks’ or ‘preloading’ These methods function by sending as many clicks to an attribution company as possible and gaining attribution for users by randomly matching device IDs or fingerprints.
Advanced methods (like Click Injection) create fake clicks during the download of an app, claiming attribution with an impossible to beat ‘last click’.
The first cases of Spoofed Users we detected involved simulators on cloud computing services running Android apps that were pretending to be real users. On iOS, we specifically identified device farms in southeast Asian countries where real devices and actual humans created non-genuine app activities.
Recently, we’ve seen a much more devious method: SDK Spoofing. This cuts the cost for creating fake user interactions by only faking the requests made from an app to servers of attribution companies and app publishers, instead of actually running the app. Fraudsters have broken encryptions and hashed signatures, which has led to an arms race between fraudsters and researchers.
We see that simulators, cheap labor and bots can all be used to create fraudulent app activities. They are all different methods used to commit the same type of fraud.
Why define fraud?
We’ve spent the length of this article defining ad fraud - but to what purpose?
Essentially, as we’ve been working to try to stamp out each individual method, we’ve identified certain patterns. The more we think about and define what these mean, the easier it becomes to stamp out fraud in future, while being more ready to educate everyone on what fraud really looks like.
We’ve found that asking questions such as “What is the method of this fraud?”, “How did they get this user activity into our system?”, “How does Click Spamming really work?” are much deeper, and give us more to work with, than simply asking “is this fraud?”
If you begin by stating that there is a problem, and then look at the individual methods applied, you’re able to build much more of an assertive understanding. Starting with “this is that method”, moving to “this is the countermeasure”, and finally, “this is the yes-no filter”, creates a proactive process to fight it.
If you don’t get beyond the methodology, you only have one answer to one question: “yes, this is a problem”. In today’s world, that isn’t enough.
Fraud is constantly changing. However, we know the limitations, and by working towards the source, asking questions, and figuring out that it can only develop within a certain system, we can create stronger solutions for the benefit of everyone.