What exactly is a fake mobile install app and do fake install apps really cause that big a problem?

Let us try to find out the answer to these questions. Fake installations of mobile apps can lead to loss of revenue for the advertiser. It might not look like not a big figure when seen for a singular advertiser but when aggregated and analysed at the industry level, it shows a different picture. Fake installs or app install fraud in other words is continually growing as an industry. As of 2019, it is an industry as big as $13 Billion, to put this into perspective, according to Statista, the mobile ad industry is worth $233 Billion. So that amounts to a modest figure of well above five percent, which means that these revenues are being leaked out of the industry.

What is mobile application install fraud?

When apps are installed, it generates revenue but then they are installed by malware or bots or any other nefarious means it is constituted as a fake app install, this is done to collect the revenue or the so-called commission by a fraudulent affiliate partner to take credit for the install. These fake app installs should be distinguished by organic app installs, these are the app installations that would have happened even without the assistance of a marketing campaign. When brands and advertisers look at it from their marketing eyes, they realize that every installation by a targeted customer is very valuable because it enhances brand engagement, recognition, and ultimately conversions. These conversions become the major reason why marketers are enthusiastic and willing to pay for every installation by an affiliate partner.

How does mobile application install fraud work?

Since we are aware of how sophisticated technology is getting these days, it should also be noted that the umbrella of creating fake app installs is also growing. These methods include the following among others: bots install-hijacking, device ID reset marathons, device ID reset fraud, ad fraud hiding behind Limit Ad Tracking, server-based Installs, device-based Install fraud. With the advancing technology, it would be wrong to say that some fraud methods are not better than others and they are continually improved to make them look genuine.

The most commonly exploited model is the CPI (cost per install) campaign. In this method, publishers or ad networks take advantage of the advertisers by misusing the above-stated campaign. As already discussed, advertisers pay for every install to the user which simply means that more installs are equivalent to more revenue generation which eventually translates to more money for networks and publishers. To give a general idea, bots can be used by automated scripts on a mobile phone which are spread through malware. This malware can run programs in the background and infect the mobile phone device without the knowledge of the user. Bots can further be instructed to interact with ads, browse websites and even install apps. One more thing to be noted about bots is that this type of fraud can be done in the cloud and potentially in multiple locations on multiple servers so that it looks authentic.

Some fraud schemes also involve human frauds like install farms (in this type of fraud, people are paid to install apps on their phones and even interact with them). Device farm is a low-tech and simple form of fraud where one gets a number of devices and then installs multiple apps, opens them, deletes them, clicks a lot of tracking links, reset every device’s Identifier for Advertisers (IDFA for iOS), or advertising ID (Android). This process of installation and deletion is repeated regularly and ad money is collected. Some other forms of scam where the affiliate is falsely able to claim credit for installations (organic install) involve attribution fraud such as click stuffing or click injection.

Another common type of app install fraud is SDK spoofing. From a Mobile Measurement Partner (MMP), the mobile marketers place a software (SDK) that measures and monitors the results of their marketing. This type of fraud involves taking credit by the fraudster for installing an app that is not actually installed. In other words, SDK spoofing is used when malware from the first app tries to and is successful in simulating and attributing for another application on the same device except that the other app is not really installed but the credit for installation is taken anyway. It is also noted that in this kind of fraud, any activity they’re able to simulate on the app, they’re spoofing.

Can fake installs be prevented/detected?

There are ways that can help in the detection of fake app installs but they have their own drawbacks and most of them are either inaccurate or unreliable and mostly ineffective. To name a few:

1. An abnormal retention rate/ other KPIs:

Marketers should be cautious and always keep a track of any abnormal activities in the retention rates or in-app purchases or regarding other KPIs. Anything unusual about a campaign should be looked into because fraudsters are now not only generating fake installs but also continue to send post-install events which are basically like faking a users’ activity.

2. An abnormal number of new devices:

It is a statistical technique that is used to detect fake app installs by looking for a high percentage of brand new devices or mobile phones which have never been seen before which are coming from a publisher or an ad network. An abnormally high ratio is a sign of something unusual.

3. SDK Message Hashing

The main objective of SDK spoofing is to fake Mobile Measurement Partners (MMP) SDK traffic, hashing is used to protect MMPs messages. Data is taken and then for every app, a secret key combining them to a blob of data is created. This key can be verified at MMP’s backend. There is, however a problem with the secrecy because the users’ apps’ hashes can be extracted by the SDK fraudster.

It can thus be understood that fake installs are getting more common day-by-day and harder to detect and prevent too. Apart from these methods, there are devices and tools which help in the prevention of fake app installs, but even they have their drawbacks. So, until a stable technology is widely available, the mobile ad industry will keep losing money.