Mobile click fraud: Understanding click spam & click injection

Andreas Naumann

Feb 4, 2019

We often get the question: isn't fraud prevention a bit of a cat-and-mouse game?

And, in reality, the answer is yes. Even in our regular, day-to-day fraud prevention work, this is obvious. As you turn on any of the filters in our Fraud Prevention Suite for the first time, chances are that our filters will immediately catch some volume of suspicious attributions.

But as the minutes and hours go on, the volume rapidly drops. This is a mouse caught in the open when the light goes on. The fraudster will notice they’re no longer given credit for any installs, causing their CPIs to plummet. Once this happens, they will redirect their attention to other campaigns and other apps, so it’s important to stay educated about various fraud techniques.

In this article, we’ll take a look at two common types of mobile click fraud - click spam and click injection - and how we filter them.

Click Spam: How Fraudsters Poach Organic Users

There’s one particular technique by which fraudsters poach organic users. Known as click spam, this type of fraud happens when a fraudster attributes clicks to users who haven’t made them. It starts when a user lands on a mobile web page or in an app which a fraudster is operating. From there, any one of several kinds of click fraud could take place:

  • The mobile web page could be executing mobile click fraud in the background, without visible ads or without ads that can be interacted with.
  • The spammer could begin clicking in the background while the user engages with their app, making it look as though the user has interacted with an advert.
  • The fraudster can generate clicks at any time if they use an app that runs in the background 24/7 (e.g. launchers, memory cleaners, battery savers etc.).
  • The fraudster could send impressions-as-clicks to make it look as if a view has converted into an engagement.
  • The spammer could blatantly send clicks from made-up device IDs to tracking vendors.

What unites these approaches to mobile click fraud is that a user is not aware that they’ve been registered as interacting with an advert. That’s because in actual fact, they never even saw anything. As a result, the user may install an app organically but a fraudster will claim they’ve seen an ad – meaning the conversions will be attributed to a source that had nothing to do with the install.

The Impact of Click Spam

Click spamming is insidious because it essentially captures organic traffic, brands it without its knowledge and then claims the credit for the user later.

This has a few important and profound effects on an advertiser, the most obvious of which is that they unknowingly pay up for an organic install.

Not only does this cost advertisers their spend, but there are a few more effects to this type of mobile click fraud too:

Miscalculating organic installs:

First, and related to the previous point, the fact that the advertiser does not know that they’ve paid for an organic install skews a number of interrelated metrics.

It understates the number of organic users that the app is generating, which affects internal cohort analysis. It can also underplay the impact of marketing that generates organics, such as ASO, branding and press outreach, whose results have potentially been cannibalized by the click spamming.

Misinformed UA strategies:

Organics poaching also threatens the certainty of acquisition decisions. If an advertising network is claiming organic users and these users perform well within an app, the advertiser will obviously decide to invest in that channel to acquire more of the same type of users. This creates a circular problem, where the advertiser continues to pay someone else for the users they’ve already acquired naturally (or through other marketing channels) until they realize the mistake.

Click spam has the potential to affect targeting decisions across the whole business. While those organic users will undoubtedly be good quality, their presence in the paid acquisition cohorts will tempt a marketer to pay for advertising in other channels that target these groups. This is despite the fact that these groups might well download the app in question without the prompt of an advert at all - meaning that the advertiser wastes time and money chasing users who could be reached in other ways.

More reliable channels will lose out:

These investments will be made at the expense of other channels. Campaigns that are largely unblemished by fraudulent conversions will appear less performant in relation to the poached organics. The missing ROI on relatively fraud-free channels poses an opportunity cost to the advertiser: when they could have invested sums chasing truly promising user cohorts, their budget is tied up with fraudulent channels instead.

Click spamming might seem like a relatively small thing to deal with. But if it isn’t spotted early, it can seriously pollute an entire app’s attribution efforts - leading advertisers astray and causing them to waste a significant amount of time chasing after users they’ve already acquired.

How can click spam be detected?

It’s impossible for advertisers to combat click spamming on the front line, as it’s down to publishers to stop engaging in the practice.

However, advertisers can catch click spamming when it happens by looking for a simple pattern. During our investigations into the problem, we discovered that there was a clear difference in the way that genuine advertising clicks are distributed over time versus click spammers.

For a genuine traffic source, clicks are attributed with a normal distribution. The precise shape and size of the distribution will vary from one traffic source to another, but the pattern from a trustworthy source is essentially a hefty number of installs in hour one before a rapid tapering of performance.

Click spamming sources behave differently. Installs from a fraudulent source are distributed flatly, because the spammer can trigger the click but not the install. Therefore installs (and click-to-install times) will follow a random distribution pattern.

This means that it is possible to weed out click spammers after the event. By refusing to attribute installs to traffic sources that claim traffic with a flat distribution, advertisers can fight back against spammers. In the big picture, however, we’ve seen fraudsters taking steps in other directions as fraud prevention becomes more common.
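The flat-versus-front-loaded pattern described above can be checked per traffic source with a goodness-of-fit test on click-to-install times. The following is an added example, not Adjust's filter and not code from the original article. The source names, the 24-hour window, the minimum sample size and the 5% significance level are assumptions, and the data is constructed.

```python
from collections import Counter, defaultdict

WINDOW_HOURS = 24        # assumed attribution window, in hours
MIN_INSTALLS = 48        # assumed minimum sample before judging a source
CHI2_CRIT_DF23 = 35.172  # chi-square critical value for df=23, alpha=0.05

def hourly_histogram(ctit_hours):
    """Count installs per whole hour elapsed between click and install."""
    counts = Counter(int(t) for t in ctit_hours if 0 <= t < WINDOW_HOURS)
    return [counts.get(h, 0) for h in range(WINDOW_HOURS)]

def flatness_report(ctit_hours):
    """Compare a source's click-to-install times with a flat (uniform) spread."""
    hist = hourly_histogram(ctit_hours)
    n = sum(hist)
    if n < MIN_INSTALLS:  # a small sample always "looks" flat; do not judge it
        return {"installs": n, "verdict": "insufficient data"}
    expected = n / WINDOW_HOURS
    chi2 = sum((obs - expected) ** 2 / expected for obs in hist)
    flat = chi2 < CHI2_CRIT_DF23  # cannot reject "uniform over the window"
    return {"installs": n, "chi2": round(chi2, 1),
            "first_hour_share": round(hist[0] / n, 2),
            "verdict": "flat: suspect click spam" if flat else "front-loaded"}

def build_sample():
    """Constructed data: (source, click-to-install time in hours)."""
    rows = []
    # network_a: most installs in hour one, then a rapid taper.
    for hour, count in {0: 60, 1: 20, 2: 10, 3: 5, 7: 3, 15: 2}.items():
        rows += [("network_a", hour + 0.5)] * count
    # network_b: installs spread evenly across the whole window.
    for hour in range(WINDOW_HOURS):
        rows += [("network_b", hour + 0.25)] * (4 + hour % 2)
    # network_c: too few installs to judge either way.
    rows += [("network_c", 0.2), ("network_c", 5.0)]
    return rows

def analyse(rows):
    """Group click-to-install times by source and report on each."""
    by_source = defaultdict(list)
    for source, ctit in rows:
        by_source[source].append(ctit)
    return {s: flatness_report(v) for s, v in by_source.items()}

if __name__ == "__main__":
    for source, report in analyse(build_sample()).items():
        print(source, report)
```

A "flat" verdict only means the data is consistent with a uniform spread, so it is a signal for review and attribution rejection rules rather than proof on its own.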

Click Injection: How Fraudsters use install broadcasts to their advantage

Click injection is a sophisticated form of click-spamming. By publishing a low-effort Android app which uses something called “install broadcasts”, fraudsters can detect when other apps are downloaded on a device and trigger clicks right before the install completes. The fraudster will receive the credit for (typically organic) installs as a consequence.

Essentially, click injection fraudsters use a junk app to hijack the user’s device at just the right time – and with just the right information – to create a legitimate-looking “ad click” and thus get CPI payouts.

Fake ad engagements not only siphon off advertising budget that could have reached more people. Worse, conversions such as these result in marketers inaccurately believing certain paid campaigns resonate better with users than they actually do.

The data becomes dirty: numbers-driven conclusions that marketers reach are then based on data that contains systematic inaccuracies. This can mean that advertisers continue to invest in advertising that is relatively ineffective, potentially diverting money from better-placed and better-designed campaigns.

If you’re running a lot of CPI campaigns on multiple different ad networks, especially in higher-CPI markets like the US, you have a higher risk of exposure. Here, fraudsters typically abuse a number of different ad networks.

How is Adjust preventing click injection fraud?

We announced our click injections filter at the end of 2017, showcasing our new method of fighting fraud. The capability is only available as part of our fraud prevention suite. If you'd like to upgrade and begin to filter click injection fraud from your campaigns, get in contact with our sales team.

Remember, we're the only attribution solution on the market to actively filter this (and many other kinds of) fraudulent activity - and if you're concerned about its effects, you should talk to us about how we can help you.

In the meantime, our mobile fraud guide has more on click injections and the other most common types of fraud in the industry. We also have reading material related to ad fraud in China, various other mobile fraud examples and whether fraud gives your competitors an advantage.
