Despite the growing number of anti-fraud solutions and in spite of numerous breakthroughs in fraud detection technologies, mobile app install ad fraud remains a fatal problem for app developers and the entire advertising ecosystem. Losses from ad fraud are estimated to rise to $12.6 billion this year, making it one of the industry’s most significant challenges.

Needless to say, fraudsters continuously revise and upgrade their tactics – but so do the fraud detection companies, with some of them giving loosely promises to identify “99.9%” of fraudulent installs in real time, and even “prevent” fraud altogether. Having an ultimate solution that can wipe out all fraudulent installs and, what’s more, do it automatically, would have been a lifeline to the advertising community.

However, the issue of mobile fraud is still far from being resolved. So, as its always the case with one-fits-all solutions, “real-time prevention,” when applied to app install ad fraud, may turn out to be no more than the industry’s latest buzzword. Given the huge sums that fraud-detection companies charge for their services, there’s a surprising lack of understanding about the current state of anti-fraud technology, its limits and abilities.

When fraud prevention works

First things first, there are a few solutions that are capable of preventing fraud. By requiring app developers to integrate its SDK, MMPs (Mobile Measurement Platforms) gain access to the app’s data and can potentially prevent fraud. That often looks appealing to User Acquisition managers because fraudulent installs don’t appear in the reports and, hence, there’s no need to go through the arduous process of negotiating fraud rejects.

On the other hand, though often seen as a “silver bullet” against mobile ad fraud, the MMP’s fraud prevention approach is far from perfect.

In the performance advertising area, marketers need to pay close attention to the statistics on the attribution of new installs for calculating CPI (Cost per Install) and ROI (Return on Investment) bids. MMPs show an attributed install in the dashboard during the first five minutes, so the system is required to make a final decision on a fraudulent install within a limited time frame. At the same time, while a fast decision-making process can be a game changer for advertisers, the insufficient time available for analysis can potentially decrease the accuracy of the final result, especially when it comes to detecting mobile ad fraud. To tell if the install was fraudulent with high accuracy, a third-party anti-fraud solution would need to analyze post-install in-app activity, which would, in turn, require accessing in-app events data for days.

When fraud prevention is [almost] a buzzword

As we have stated in previous paragraphs, only SDK-integrated solutions can provide full fraud prevention. Nonetheless, some third-party anti-fraud solutions explicitly claim to prevent fraudulent installs by wrapping URLs before a publisher.

Here’s how a typical link flow (or redirect chain) looks like:

  • Sub publisher tracking link – contains session information from the publisher’s ad network.
  • Publisher tracking link – includes information related to a particular publisher.
  • MMP tracking link – used for tracking the success of campaigns across various publishers.
  • Direct app store link – used for measuring user acquisition sources with the app store’s built-in analytics.

By inserting their tracking link between the publisher’s and MMP’s tracking links, third-party anti-fraud tools can potentially flag the click as fraudulent and block it from showing up in the MMP’s tracking link. And therefore, if the fraudulent click blocked, the fraudulent install doesn’t occur and doesn’t show up on the MMP’s dashboard. The fraud had been prevented.

However, the technology behind fraud prevention is a little more complicated than that. First of all, to start using fraud prevention offered by third-party anti-fraud solutions, app developers need to change tracking links for all publishers, which would require halting all their user acquisition campaigns and re-launching them again with a new tracking link. That doesn’t only make the redirect chain longer but also poses additional technical challenges to app developers.

Moreover, effective real-time ad fraud prevention may not be technically possible. Processing millions of clicks in seconds and providing an immediate answer on whether this or that click is fraudulent with Machine Learning algorithms will entail cutting-edge technology and computational power that, to the best of our knowledge, none of the third-party anti-fraud solutions possesses. Proceeding from these limitations, third-party anti-fraud solutions can only check simple rules set (e.g. whether an IP that generated a click belongs to a black-listed data center or not). Also, handling such huge amounts of data may result in lower accuracy and a very high price of a mistake – even one or two percent error rate would lead to a considerable amount of false positive and false negative decisions.

While false both app developers and publishers are negatively affected by false positive and false negative errors, the latter are losing attributed installs (and thus money) on each false-positive decision made by an anti-fraud solution. So, real-time fraud prevention is likely to get an extremely low buy-in from publishers. In fact, some larger publishers like Twitter and Google don’t allow to use any tracking links at all, making it impossible to incorporate this fraud prevention approach in their ad networks.

Another drawback of real-time fraud prevention comes from the nature of attribution theft. Unlike the install ad fraud that generates “real” clicks and installs from fake users (e.g., device farms), attribution theft generates fake clicks and installs from real users who might’ve seen the ad but didn’t click on it. Attribution theft includes such wide-spread types of fraud as click injection and click spam, which accounted for over 35 percent of all fraudulent app installs in 2018 [according to Scalarr’s recent report].

Given that fraud prevention technology relies on filtering out suspicious clicks based on a datacenter IP that generated them, it may not always be possible for third-party solutions to identify fraud generated by genuine devices. Therefore, attribution fraud stays under the preventative tech’s radar.

Take nobody’s word for it

In the nineteenth century, Philadelphia retailer John Wanamaker said: “Half the money I spend on advertising is wasted; the trouble is I don’t know which half.” When applied to 2019, this phrase сouldn’t be more wrong – marketing professionals can no longer afford to waste half of their marketing budgets on high-tech that may not live up to its commitments.

Ad fraud prevention technology promises to provide the “ultimate protection” against ad fraud, but these claims are often far from the truth. While it can, and in fact does, prevent more primitive types of fraud by leveraging real-time detection of IP anomalies, such a preventive approach may leave more complex types of attribution fraud completely neglected.

So what can you do? First of all, you need to get serious about evaluating the technological abilities of anti-fraud solutions you plan to use. Make sure this solution is able to provide well-rounded protection for your advertising campaigns, starting from the initial click and unlocking the post-install events analytics. Secondly, try not to fall for the buzzwords anti-fraud solutions use to sell their product. Just because they say it works doesn’t mean it really does.