Nov 15, 2018

Click Injection filter upgraded to stop the Content Provider exploit

We’ve upgraded our Click Injection filter by utilizing Google’s `install_begin` timestamp, which was made available in the new Google Play Referrer API.

This will allow us to prevent further exploitation by the Content Provider Exploit, allowing insights and optimizations to be free of fraudulent activity derived from this method.

The updated filter will deny attribution of any install to sources that delivered a click in between the newly available timestamp ‘install_begin’ and the first opening of the app by a user (or at the next session start, as this also works with re-attributions).

In version 1, we relied on install finish time. While this helped with Click Injection post-download, it only protected against the ‘package_added Broadcast Exploit’. As mentioned, Version 2 builds on this by filtering ‘install_begin’ which covers the Content Provider Exploit and finalizes the filter to protect against all known methods of Click Injection.

Please note that during testing we learned that the amount of Click Injections is split between two methods, with roughly 40% from the package_added Broadcast Exploit and 60% from the Content Provider Exploit. Therefore, you should anticipate a strong increase in rejections, if your app fulfills the requirements and the filter is toggled on.

What you need to do

To gain access to this filter, you must install Adjust’s SDK 4.12 or higher, and the app must fully support the Google Play Store Referrer API.

If you have fraud prevention enabled and have toggled the Click Injection filter on, you will see rejections under `RI CI` and `RR CI` within the dashboard. The `{rejection_reason}` will still be `engagement_injection`.

This update is available to those who have activated the Fraud Prevention Suite. Get in touch if you’d like to find out what active fraud rejection can do for your campaigns.

And, for more on fraud prevention, please read our documentation here.