Type of Ad Fraud - Click Injections

Ad fraud has become a digital epidemic, spreading from web browsers to mobile applications. With every passing minute, constant progress is being made to develop more fraudulent strategies to con businesses of their investments. 

We’ve all seen those advertisements displayed on our apps, either appearing periodically or placed at the bottom of our screen. This is a mechanism similar to that of a PPC model to direct potential users to install apps. In this case, however, the advertising network is paid a certain amount per install (CPI) rather than per click. 

What are click injections?

Click injections are a recent trend of ad fraud that takes place in the time frame of installing an app on your mobile phone. It is a false click on an advertisement that is registered as the reason for the instalment of that particular app.

These are unique to Android devices as the concept of “install broadcasts” is specific to their model.

When do they occur?

For better clarity, let’s go over the steps of installing an app:

Step 1: A user may install an app “organically” (i.e. by searching for that particular app on Google Play) or by clicking on an advertisement for it. On clicking the ad, the user is directed to the app store, and the click is registered and recorded with the information of the time at which it occurred by the ad network. 

Step 2: The app is downloaded and installed on the user’s device.

Step 3: The app install is registered by the attribution provider only when the user launches the app for the first time after installation. 

Step 4: On receiving the signal, the provider sifts through all the ad signals received from different networks and determines which one is to be credited for the install. 

Step 5: If no clicks are recorded, the install is taken to be “organic”, and no advertiser is credited. 

By tricking users into downloading simple Android apps like the “flashlight” or a card game, fraudsters receive information whenever a new app is downloaded on your device. This allows them to trigger clicks to be registered with the provider, and the fraudster is then paid, although the install was “organic”.

How do the fraudsters get the information?

Android devices have the concept of “install broadcasts” where previously downloaded apps are sent broadcast messages whenever they are installed or de-installed. This is to ensure smooth communication between the apps and the software. However, it is being used by fraudsters by publishing a seemingly harmless fraudulent app as bait. 

App developers cannot control when the user launches the downloaded app on their device, and measurement SDKs cannot register the install before the launch. This time lag between the actual install and the registered install gives fraudsters the perfect opportunity to carry out their dirty work.

Impact of Click Injections

The allocated budget made to advertise to a larger number of people is wasted. It also leads to inaccurate results leading app developers to believe that the investments are useful for their sales rather than sapping the company of their money. Advertisers continue to invest their money in ineffective campaigns, giving the fraudsters precisely what they want.

Action being taken against Click Injections

However, these clicks have to be accurately timed to that of the “install broadcast” – which is sent as soon as the app launches on the device. This is to make it appear as though the fraudster (i.e. the advertising platform used as the cover) gets the credit for the install.

This can be detected by noticing inconsistencies in the click-to-install timing distribution, which can be visually placed on plotting.

Botman identifies affiliates and affcodes, claiming fraudulent installs on organic installs via click injection by calculating the TQscore for every affiliate. 

Fraud prevention services like Botman work daily to make it as difficult as possible for these fraudsters to carry out their work.

Don't miss these stories