What is SDK Spoofing?

It’s a Sophisticated Mobile App Install Fraud Technique


SDK Spoofing is a high-end masquerading technique where, the attribution SDKs think, they are getting install events from a legit device.


A series or sequence of test installs are generated.

URLs and Parameters are analysed

Static, Dynamic parameters are analysed

After a run through of this exercise, the fraudster exactly knows which URLs to call for the SDK to recognize it as a install event.

It starts calling the same, and the SDK registers it , as coming from a legit device.

Its like you believe what the messenger is saying


Since the SDK is being spoofed, SDKs are working to add signature hashes to the install URLs, so there is a dynamic element to the URL before they can accept it, as coming from a trusted device. Making it a little harder for the fraudsters to guess and send a install URL.

Other Measures

Either there must be a software generating the install URL on the device in another app OR it must be getting this from a proxy fraud machine , (proxying itself to be google play store or apple app store).  

Botman is working on interesting techniques to identify SDK spoofing devices and flag them. Talk to us.

Don't miss these stories