What is SDK Spoofing?

It’s a sophisticated mobile app install fraud technique.


SDK spoofing is a high-end masquerading technique in which the attribution SDK is made to believe it is receiving install events from a legitimate device.


  • A series or sequence of test installs is generated.
  • URLs and parameters are analysed.
  • Static and dynamic parameters are analysed.
  • After running through this exercise, the fraudster knows exactly which URLs to call for the SDK to recognize the call as an install event.
  • The fraudster then starts calling those URLs, and the SDK registers the calls as coming from a legitimate device.

It is like believing whatever the messenger tells you.


Because the SDK is being spoofed, SDK providers add signature hashes to the install URLs. This gives each URL a dynamic element that must be present before it is accepted as coming from a trusted device, which makes it a little harder for fraudsters to guess and send a valid install URL.
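A server-side check for such signed install URLs, as an added example that is not code from any attribution SDK: the parameter names (`ts`, `nonce`, `sig`), the HMAC-SHA256 scheme, the secret and the endpoint are all assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode, urlsplit

SECRET = b"constructed-demo-secret"  # assumption: per-app secret shipped in the SDK
MAX_SKEW = 300                       # seconds a signed URL stays valid
_seen_nonces = set()                 # replay cache (in-memory for this demo)


def _canonical(params):
    """Sort parameters so SDK and server hash identical bytes."""
    return urlencode(sorted(params.items())).encode()


def sign_install_url(base, params, ts, nonce):
    """SDK side: attach timestamp, nonce and an HMAC-SHA256 signature."""
    signed = dict(params, ts=str(ts), nonce=nonce)
    sig = hmac.new(SECRET, _canonical(signed), hashlib.sha256).hexdigest()
    return base + "?" + urlencode(dict(signed, sig=sig))


def verify_install_url(url, now=None):
    """Server side: return (accepted, reason) for an incoming install call."""
    now = time.time() if now is None else now
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    sig = params.pop("sig", None)
    if sig is None:
        return False, "missing signature"
    expected = hmac.new(SECRET, _canonical(params), hashlib.sha256).hexdigest()
    # Constant-time comparison; any altered parameter changes the digest.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    try:
        ts = int(params.get("ts", ""))
    except ValueError:
        return False, "bad timestamp"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale timestamp"
    nonce = params.get("nonce")
    if not nonce or nonce in _seen_nonces:
        return False, "replayed nonce"  # a recorded URL sent again
    _seen_nonces.add(nonce)
    return True, "ok"
```

The timestamp and nonce are the dynamic element: a URL captured during test installs fails when replayed. A secret embedded in the app can still be extracted from it, which is why the signature only raises the bar.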

Other Measures

Either software in another app on the device must be generating the install URL, or the URL must be coming from a proxy fraud machine (one presenting itself as the Google Play Store or Apple App Store).

Botman is working on interesting techniques to identify SDK spoofing devices and flag them. Talk to us to find out more.
