App Install Advertising Fraud is a $300M Problem

Among the various forms of online advertising today are ads that aim to get people to install mobile apps. According to security firm DataVisor, the app install advertising marketplace is being regularly attacked by fraudsters, to the tune of approximately $300 million per year.

DataVisor’s new “The Underworld of App Install Advertising” report discovered that on average, premium ad networks had app install fraud rates of less one percent, while non-premium advertising network had a fraud rate of just over five percent.

As to why premium ad networks have lower rates of app install fraud than non-premium networks, Ting-Fang Yen, Director of Research at DataVisor, told eSecurityPlanet that it is because premium ad network don’t usually broker out their traffic to other channels. They either advertise on their own sites or only partner with reputable publishers they know, she said.

The report is based on data collected from the DataVisor Global Intelligence Network, which analyzed 140 million app installs and 11 billion user events between January through May of 2017. Among the high-level findings in the report is that fraudsters aren’t just simply downloading the apps, they are also using various technique to simulate the same activities as real users.

“We were surprised to see how much fraudsters are faking in-app activities and retention behavior,” Yen said.

Yen noted that the vast majority of fraudulent installs generated at least one in-app event. She added that 29 percent of fraudulent installs have Day 2 retention events and 18 percent have Day 7 retention events.

“This means that fraudsters are becoming much more sophisticated. They are moving beyond just installs to go after the bigger payouts from cost-per-engagement (CPE) campaigns,” Yen said.


There are multiple things that Ad networks can and should be doing to help limit the risk app install fraud. Yen said that common ways to detect fraud is to use heuristics such as device identification, IP filtering, or click-to-install-time anomalies to distinguish fake installs from genuine users.

She suggest that Ad networks should examine the quality of their traffic sources (especially new ones), and inspect activities both at install time and post-install. In addition, Ad networks should periodically review publishers and partner with those that are reputable and/or have established anti-fraud policies and technologies.?

“Fraudsters are constantly exploring new ways to take advantage of loopholes and avoid detection,” Yen said. “This dynamic nature of fraud means that advertisers must remain vigilant and select the right partners and targeting criteria for each campaign they run.”

She also recommends the use of advanced fraud detection solutions that can adapt to constantly changing attack patterns by utilizing modern machine learning techniques. ?

“As fraudsters become increasingly sophisticated at faking installs, we expect more advertisers to adopt cost-per-engagement user acquisition models to avoid fraudulent traffic,” Yen said.

Yen noted that she also expect to see the fraud rates in each ad network to change dramatically, over the course of the next year.

“Fraud is dynamic, and fraudsters are always on the look out for vulnerable points of entry,” she said. “If an ad network scrutinizes their traffic and deploys anti-fraud solutions, fraudsters will move to another channel that is less vigilant about traffic quality.”

Sean Michael Kerner is a senior editor at eSecurityPlanet and Follow him on Twitter @TechJournalist.

Sean Michael Kerner
Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

Top Products

Related articles