SDK (Software Development Kit) spoofing is a relatively new and sophisticated kind of mobile ad fraud in which a fraudster fakes a real install or engagement. Using a legitimate device ID, the fraudster works out how different app SDKs convey install and attribution data, then runs scripted dummy data that mimics real users. That knowledge is used to report that an app has been successfully installed on a device when it has not. The data the advertiser receives often looks real, but may be laced with spoofed SDK traffic.
As a result, advertisers pay for valid-looking installs that are extremely difficult to detect.
How does SDK Spoofing work?
Let's take a step-by-step look at how SDK spoofing works:
Fraudsters bypass the SSL encryption on the communication between a tracking SDK and its backend servers by performing a man-in-the-middle (MITM) attack.
The fraudsters create a series of 'test downloads' for the app they want to hijack or infiltrate.
They then figure out which URL calls correspond to which app operations.
Cybercriminals investigate which sections of URLs are static and which are dynamic.
They then put their setup through its paces and experiment with the dynamic elements.
Finally, once a single install has been successfully tracked, the fraudsters know they have worked out how to produce installs from that URL setup.
They then repeat the process indefinitely.
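From the defender's side, the steps above amount to capturing one valid install message and replaying it with varied dynamic fields. The following is an added example, not code from the original page, of an attribution backend check that rejects such messages; it assumes the SDK signs each install with a per-app secret and includes a timestamp and a random nonce, and every name and value in it is constructed.

```python
import hashlib
import hmac
import json
import time

# Assumption: the SDK signs each install message with a per-app secret and
# includes a timestamp and a random nonce, so the backend can reject both
# forged messages and replays of a captured one.
APP_SECRET = b"constructed-per-app-secret"   # constructed sample value
MAX_SKEW_SECONDS = 300                        # tolerated clock drift


def sign_install(payload: dict, secret: bytes = APP_SECRET) -> str:
    """HMAC-SHA256 over the canonical JSON form of the install message."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


class InstallValidator:
    """Validates install messages; state is in-memory for the example."""

    def __init__(self, secret: bytes = APP_SECRET, now=time.time):
        self.secret = secret
        self.now = now
        self.seen_nonces = set()
        self.seen_devices = set()

    def check(self, payload: dict, signature: str) -> str:
        """Return 'accept' or a rejection reason for one install message."""
        expected = sign_install(payload, self.secret)
        if not hmac.compare_digest(expected, signature):
            return "reject:bad-signature"      # fabricated or tampered message
        if abs(self.now() - payload["ts"]) > MAX_SKEW_SECONDS:
            return "reject:stale"              # replayed long after capture
        if payload["nonce"] in self.seen_nonces:
            return "reject:replay"             # identical message sent again
        if payload["device_id"] in self.seen_devices:
            return "reject:duplicate-device"   # one device installs once
        self.seen_nonces.add(payload["nonce"])
        self.seen_devices.add(payload["device_id"])
        return "accept"
```

In production the nonce and device sets would live in shared storage with an expiry, and certificate pinning in the SDK would make the MITM step itself harder.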