Blog: The Who, How and Why of Install Fraud, Part 1: Who?

Who _ (4).jpg

garry circle.PNG

Gary Danks
Oct, 2018

The Who, How and Why of Install Fraud, Part 1: Who?

Whenever we speak to advertisers and agencies about app install fraud, we’re commonly asked the same set of questions. Not necessarily about the technical specifics, but the underlying human questions: who is committing this fraud, how do they do it, and why do it in the first place?

In this series of blog posts, we’re going to answer those questions, one at a time, to help you understand where install fraud comes from. Starting with...

Who is committing app install fraud?

Although fraudulent app installs are a global problem for marketers, there is a notably higher proportion of bad players based in Russia, Israel and South-East Asia.

Fraudulent app install players take many guises. There are fraudulent suppliers who provide the tools for generating fake installs, whether it’s the technology for artificial installs or a human install farm, but in terms of who you are buying from, fraudulent players can be divided into two broad categories: publishers and ad networks.


Who are the fraudulent publishers?

Publishers – by which we mean media owners – can be completely fraudulent operations, running a portfolio of apps or sites whose sole purpose is generating money through fraudulent installs. Typically, these apps are low-quality, but will have a presence in ad networks so they can access UA campaigns, and it can be hard to tell them apart from the other 4 million apps on the Google Play Store or 2 million on Apple’s App Store.

Alternatively, it could be a publisher which generates some genuine installs but wants more money and intentionally boosts its revenue stream with fraudulent installs. We’ve seen fraud coming from publishers who provide hundreds of good-quality installs. This can be a case of them actively employing a fraudulent player, or else acting in a way that will inevitably attract fraud – like posting their inventory on an offer wall.

Who Apples (3).jpg

Who are the fraudulent ad networks?

There are three types of ad networks we see install fraud from.

The first are the completely legitimate ad networks. Typically these ad networks only use publishers who are directly integrated with their own ad network SDK. However, there is still a level of exposure to more sophisticated fraudulent activity, as it’s easy for a fraudulent publisher (which seems legitimate) to join these ad networks. These legitimate ad networks proactively do what they can to clean up their own supply and rid their networks of bad publishers – but you can still expect to see an average of 12% fraudulent installs.

The second and most common type is negligent ad networks. Typically these ad networks have little-to-no direct publisher supply and will rebroker the advertisers’ offer over and over again. These negligent ad networks are the source of the most common fraud methods. These are fairly simple and it’s easy to spot the basic signals – a trained person can catch them by looking at the figures – so it’s likely that these networks are choosing to turn a blind eye. They could blacklist the most obviously fraudulent publishers and cut them off, but as they’re making money from them and the penalty is practically non-existent if they’re caught – it’s just a case of not being paid for that particular install – they just decide to ignore it.

The third and final type is outright fraudulent ad networks, which are knowingly providing fraud. In a recent report analysing all the installs Machine processed in the first five months of the year, we saw that five of the 88 biggest networks used by our clients were delivering 100% fraudulent app installs. Unless these networks are highly incompetent, this can only mean that they’re deliberating providing fraudulent inventory.

These three types of ad network form a sort of chain. Fraudulent installs from the first, more innocent players show the fingerprints of the very worst offenders. As for exactly how this happens… we’ll be covering that in our next instalment.

InsightsGary Danks