Why filtering short click to install times isn't the answer

Andreas Naumann

Posted Aug 14, 2017

Industry-wide, it’s increasingly believed that the “best way” to fight click injection is to reject all attribution for any installs that happen a few seconds after a click. The idea here is that it's impossible to download and open an app (typically over 100MB in size) within such a short space of time.

However, there’s a problem with that approach. Let's look at the two defining KPIs for any filter: false positives and false negatives, and why filtering short click to install times isn't the answer.

When you create a histogram with 1-second wide buckets, a source that delivers click injection traffic will usually show an uncharacteristic bump in click-to-first-open time within the first 3-5 seconds, like in this graph:

Let’s compare this with an example of normal traffic, where there's no bump to be seen:

Looking at the two, it’s obvious to see that there's nothing to differentiate between genuine installs and click injection traffic past the initial few seconds - at least, from those uncharacteristically high amount of installs converting quickly from click-to-first-open.

Mitigation ‘experts’ might say that conversions with click-to-first-open times of under 15 seconds (or any other number derived from the app size, and the perceived minimum possible time to go through the full conversion funnel) are the only fraudulent activity that occurs, but there are two problems with the approach. First, you’re cutting out some legitimate installs within this timeframe. Second, and more importantly, you’d be ignoring the vast majority of false negatives that occur over an attribution time frame.

An advertiser who trusts a so-called ‘fraud mitigation expert’ might believe that a click injection fraud scheme is entirely mitigated by not paying for installs that take less than X seconds to convert from click to first open of the app. So, filtering all that out will essentially do the job.

Ultimately, that large initial bump only filters ~3-5 percent of all fraudulent installs. So, if you reject or chargeback these installs, you’re only taking care of about 3-5 percent of total click injection fraud, leaving 95-97 percent of it unaccounted for.

In cases like this, a fraudster almost receives a double payout - first from the high volume of undetected fraud, but also from likely recurring investment from advertisers who think the channel is working for them. Detection isn’t a substitute - as this method simply doesn’t work.

We urge clients to shut down sources in total and not start with the rejection or chargeback of an uncertain ratios between correct and false negatives. The problem of false positives being rejected as well is just the icing on the cake.

For more on click injection, take a look at our recent blog, which is just one part of our much larger mobile fraud guide, which you can download here.

Want more fraud-focused content from industry leaders?