Mobile Fraud: How to protect your app?


Mobile ad fraud practices try to trick advertisers into believing they are getting more visibility and engagement than they are.

Fraud in the mobile industry differs from other sectors because it refers to the technology and is related to the attribution process. For example, in the financial industry, fraud is cloning cards and impersonating another person. Still, in the mobile industry, fraud is faking the identity of a user that does not exist or a device that does not exist.

Before explaining the types of fraud, their impact on advertisers, and good practices to avoid falling into deceptive practices, let's see a definition.
Ad fraud is an activity to deceive advertisers, publishers, or supply partners by exploiting their technology and manipulating advertising metrics in mobile applications. The main objective of it is to steal a bit of the publisher´s budget. The fraud in the mobile industry is related to the attribution process, but: what is the attribution? It is a process in which a  partner or traffic source awards an event to itself.  

These fraudulent activities may include fake app installs, fake ad clicks, and views, as well as the use of bots and click farms to artificially inflate performance data.
For example, Rocket Lab does a campaign: an attribution is produced by an installation. It operates a technology that says where the attribution comes from. Fraud seeks to circumvent this process to claim events that may be true or false, but the attribution is fake.

The most frequent fraud methods

There are two categories: Attribution Hijacking and Facilities Hijacking.

Click Fraud 

In this case, scammers use bots or infected mobile devices so that clicking on the ads automatically generates fake traffic. Advertisers might end up paying for clicks that weren't generated by authentic users.

Ad stacking 

AD stacking refers to the practice of superimposing multiple ads on top of each other in a single screen position. Overlay ads are not visible to the user, but are counted as impressions and generate fraudulent ad revenue. This deceptive tactic can artificially inflate impression metrics and mislead advertisers about the effectiveness of their campaigns.

Fake Installations

Are one of the most common types of mobile ad fraud. In this case, scammers create fake apps and use deceptive methods to boost installs. Bots or click farms can be used to simulate genuine installs and obtain payments for mobile advertising based on these fraudulent installs. Flooding is an example of this in which fraudsters send an “avalanche” of false click reports from or on behalf of real devices. After the real device downloads the app, the user is illegitimately credited with the installation. 

Invalid Traffic vs. Fraud: Are they the same?

“Invalid traffic is the one that does not fall under the conditions of the campaign, which does not mean that it is fraudulent. The fraud feigns that there is valid traffic to achieve revenue. For example,  there is a target that you want to target, but behind it, there is no real user or attributions are been stolen from organic traffic or another source”.
Migueángel Vásquez, Rocket Lab´s Head of Ad Operations.

Mobile Ad Fraud Indicators

Constant monitoring is the first step in identifying anomalies in user behavior, device sensors, and more. This state of affairs provides a big picture of patterns of legitimate activity and highlights anomalous behavior so that it can be minimized.


indicadores-fraudemobile ad fraud


Click to Install Time

It is the Time between click and install and is used to determine the authenticity of app installs. A suspiciously short CTIT (less than 10'') may indicate fraudulent activity, such as bot-generated installs or deceptive practices. On the other hand, an excessively long CTIT (24 hours or more) could be an indication of unwanted installations or actions of uncommitted users.

Conversion rates 

Fraudulent practices can distort conversion rates by generating false data about app performance. Also, these practices make it difficult to identify genuine and valuable users. Usually, one suspects something too good to be true probably isn't.

New device rate and NDR

Users install apps and, existing users switch devices. You should know the acceptable NDR for your activity.
NDR (Non-Detectable Rate) means the percentage of false impressions, clicks, or conversions that go unnoticed. It enables a fast and effective response, blocking access to critical resources, notifying affected users, and providing valuable information for subsequent investigations. 

The Impact of mobile ad fraud

DATA: Conservative estimates point to billions of dollars lost annually to fraud, with estimates ranging from $6.5 to $19 billion a year (eMarketer).

The consequences of online ad fraud go beyond the economic costs. Although it represents a significant financial loss for companies, it also affects the effectiveness of marketing strategies.
By inflating performance metrics, scammers can persuade advertisers to allocate more ad budget to their fraudulent campaigns. That way, advertisers lose money by paying for fake impressions and clicks, just like reducing their return on investment (ROI). 

Real or fake users? 

They are the other problem of advertisers who invest and reinvest in bad channels since there is contaminated data by being mixed. This fault also makes it difficult to distinguish organic users from acquired ones.

  • On the other hand, advertisers may also experience a decline in public trust and damage to their reputation due to inadvertent association with fraudulent practices. It must also be considered that it can affect the experience of legitimate users.
  • Furthermore, mobile ad fraud distorts fair competition and affects those legitimate publishers and platforms that follow ethical practices.

Learn about the Rocket Guarantee that in the event of post-attribution fraud, we will refund all of the affected investment. It also consists of a set of dynamic tools, good practices, and periodic evaluations to manage events that may generate a fraud risk to minimize the probability of occurrence.

Typical Forms of Mobile Ad Fraud

  • Fraudulent installation of apps
  • Non-human traffic generation (bots) and attribution theft.

As AppsFlyer points out in The Marketer's Field Guide to Mobile Ad Fraud "Indirect impact is a potentially bigger threat, as the long-term ramifications affect advertisers' decision-making processes, budget allocations, and audience targeting plans for future campaigns."

How to protect your app from mobile ad fraud?

The digital marketing industry must take proactive steps to combat this issue.To prevent it, it is essential to implement sophisticated fraud detection technologies, including the analysis of patterns and suspicious behavior, as well as establishing partnerships with specialized third parties for fraud verification and prevention.

Another relevant point is to promote education and awareness on the subject. Staying up to date on the latest trends and techniques used by scammers, as well as sharing best practices, can help strengthen the industry and protect advertisers from potential fraud.

Migueángel Vásquez, Rocket Lab´s Head of Ad Operations, who visited us to tell us everything we always wanted to know about Fraud in the mobile industry.

Best practices to fight mobile ad fraud

Constant monitoring

Keep regular track of advertising metrics like impressions, clicks, and conversions. Use trusted attribution and analysis tools to detect suspicious patterns and anomalies in data.

Traffic validation

Deploy traffic validation solutions to identify and filter non-human traffic, such as bots and click farms. This will help ensure that your ads are shown to real users and prevent artificial inflation of advertising metrics.

Work with Ad Tech partners/companies that are trusted data and have clear policies against mobile ad fraud. 

Make sure they implement security measures and filters to prevent and detect fraudulent activity.
In addition, it establishes strong contractual agreements that define the responsibilities and obligations of both parties in the fight against mobile ad fraud.

In conclusion, with constant monitoring, traffic validation, and collaboration with trusted partners, you can protect your app and maximize your ad revenue.
Remember that fraud is a waste of time and resources. There are entire teams that spend many hours working to resolve the anomalies they find in their data.

Rocket Lab can help you grow your app safely and reliably.