top of page

Anatomy of Mobile Ad Fraud: Click Injection

Updated: Jun 20, 2022

Following the COVID-19 outbreak, the industry saw an increase in mobile advertising. According to a recent report, the total ad spend in India is estimated to cross INR 1 Lakh Crore mark in 2022. With a 45 percent share of the entire ad pie, digital is destined to overtake TV as the most popular advertising medium. The total estimated mobile ad spends from the total share of digital ad spend is projected to be greater than 60% in 2022, valuing it at INR 29,000 Crore.

Digital spending is only going to increase. As a result, passionate marketers have the perfect opportunity to innovate and deliver the best ROI. However, they got to overcome a significant challenge in the process – Mobile Ad Fraud.

Mobile Ad Fraud is a subset of ad fraud plaguing mobile based performance campaigns. It is a collective term used to describe a combination of tactics used to stop digital ads from being delivered to the audiences or spaces for which they were intended. One such tactic syphoning off enterprise ad spend dollars is Click Injection.

What is Click Injection?

As a marketer who is handling user acquisition, click injection is perhaps the most common fraud that you experience, regardless of if you have figured it out yet or not.

Click Injection, a sophisticated form of click spamming, is a commonly used ad fraud method that steals organic and good traffic from other sources. Click Injection will use an app located on the user’s device which informs the fraudsters when a new app is installed, triggering a click before installation is completed, enabling fraudsters to take credit for the install. As a result, the attributes are manipulated and you will be paying the wrong media source instead of the actual (and deserving) source.

Click Injection exploits the existing drawbacks of last click attribution model, and injects click just before the lead is submitted or an install is completed.

How Does Click Injection Work?

Click injection is a type of ad fraud technique that aims to win the last-click attribution in CPI campaigns affecting millions of devices. Fraudsters inject a click when an app is downloaded by a user on their device just before the install is completed. Publishers are usually charged a fixed fee when an app is installed, but when click injection is performed, fraudsters receive the financial credit for the app install. Fraudsters also utilise bots or bot networks to click on multiple ads at the same time.

Here is how click injection works:

Users may unintentionally install the malicious app that performs non-suspicious activities, like auto-changing wallpapers, flashlight, cat-voicing, etc., and it appears harmless to them. They can even make their way to mobile devices without the user’s knowledge. These apps have the ability to inject a click to run another application.

The malicious app installed in the phone keeps performing its unsuspicious action until the user begins to download a new app, and the first malicious app contains code that alerts it of this new installation. Fraudsters inject a fake click to represent

Click Injection | Com Olho

as the source of app install, as well as also inject the click to run the application.

In the advertising industry that works on last click attribution, advertisers pay mostly to the last source that got the successful installation. In this model, the malicious app is able to claim the credit for getting your app installed. Hence, the advertiser attributes the credit to the fraudster and pays them a percentage of the revenue.

Who Is Affected By Click Injection Fraud?

Click Injection fraud affects almost every player in the advertising industry, even if the consequences vary. It marginally affects the user experience of the customers, but has a significant financial and reputational impact if you are a network, publisher, or advertising.

Networks and Publishers:

Click injection fraud will take away the credit from the worthy and deserving network and publisher, depriving you to make money even if you get an install as a result of your genuine efforts.


Even if the campaign was influenced by click injection fraud, it may look that the advertiser eventually received the desired outcome that is app installation. However, it impacts them in multiple ways. To begin with, advertisers might end up paying to the network or publisher even if they earned the installation with the organic efforts. Moreover, such ad frauds manipulate the campaigns performance and viewability.

This can also lead to a negative impact on advertiser’s decision making as they may keep spending more on fraudulent sources while downsizing the real and true performers. Needless to mention, that as not an ideal scenario to be in.

What are the threats that click injection pose?

Click injection affects mostly the publishers who run digital ads across several platforms with the goal of driving app installations. CPI campaigns are usually run on multiple different ad networks, meaning that enterprises need to protect them across each such platforms. The main threats are:

Advertising budget losses

Click injection result in fake ad engagements, wasting advertiser’s hard earned money that could have been spent on reaching real people.

Compromised analytics

Marketer’s future campaigns and ad spending are influenced by the data that they get from campaigns. Since any data affected by click injection will be skewed, marketers will not be able to accurately identify which channels are most effective, perhaps resulting in investing money into invaluable campaigns.

What can you do to prevent click injection?

Click injection, even though it is a simple sort of ad fraud for fraudsters to carry out, it is a malicious form of ad fraud because it infects devices directly. Keeping up with all of a fraudster's tricks is difficult. Without proactive anti-fraud solutions that automate the detection of bad actors and their methods, click injection fraudsters will continue to use low-quality apps to hijack devices.

Protect your CPI campaigns against click injection

Ad fraud prevention often feels like a cat and mouse game. As soon as you block one incident, another ten pop up in its place. Unfortunately, fraudsters are only getting smarter. Ad fraud is becoming more difficult to detect, especially without the use of anti-fraud solutions that are specifically engineered to prevent your campaigns and ad spending from such frauds.

Com Olho’s solution can help enterprises prevent multiple forms of ad fraud before they have the chance to steamroll your campaigns and bleed your budgets dry. Find out more about how Com Olho can help protect your advertising campaigns by scheduling a free demo.


Recent Posts

See All


Get Started with Listing of your Bug Bounty Program

  • Black LinkedIn Icon
  • Black Twitter Icon
bottom of page