Released: SDK Signature for the ultimate security
Posted Dec 19, 2017
You’re already well-versed in fraud schemes like click injections, click spamming and simulated installs, and you know that we’ve developed the best tech in the industry to fight them with our Fraud Prevention Suite.
Fraudsters, however, come up with new schemes to cheat you out of your ad dollars every month - so for the holidays this year, we’re taking the time to get more than a few steps ahead of them. We’re adding yet another layer of security to your Adjust dashboard.
With the new Adjust Signature, we’ve created a robust system designed to stop hackers. From now on, we’re making use of a more complex signature that you can set up in your dashboard to bring you the ultimately security from traffic spoofing.
The secret consists of several fields that are unique to the app itself and are integrated into the SDK. The signature is made by combining the secret with multiple other fields hashed and sent with the install request. Our backend verifies the traffic coming from the SDK through the signature, and if there’s a match we will accept the install.
For new apps: your first app secret will be created automatically within the dashboard. Existing apps will have an active secret added to their account. Each app will have an active secret from now on. They are not mandatory, however, and can be toggled on or off in the dashboard; you’ll find the toggle under ‘Enforce SDK Signature’; the default setting is off for existing apps and on for new apps. Account admins may request new secrets, which will automatically be added to the list of active secrets - only admin user accounts can see and manage app secrets.
Warning: If you use an older version of our SDK which does not support the SDK Signature feature but turn the toggle on in the dashboard, all traffic will be attributed to untrusted devices.
If an install is rejected and you have not activated the Fraud Prevention Suite, the traffic will be ignored and will not receive it via callback. You will, however, be able to see it in your secret statistics report. If you have activated the Fraud Prevention Suite, the install will be attributed to the ‘untrusted devices: invalid signature tracker’ and you will see the report within your Fraud Prevention Suite reporting as ‘invalid signature’.
Note: this product is opt-in, and won't be automatically visible for all. If you're interested in this product, please get in touch with your account manager or firstname.lastname@example.org and we’ll give you an introduction on how make it visible in your dashboard.