Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Demystifying SDK Spoofing

437 views

Published on

Mobile Spree San Francisco 2018: Spoofing is a buzzword that gets thrown around whenever people talk about fraud. Adjust’s Product Research Manager, Michael Paxman, discusses how much of it is true, and what can you do to protect yourself.

Published in: Mobile
  • Want to earn $4000/m? Of course you do. Learn how when you join today! ♣♣♣ https://tinyurl.com/y4urott2
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Secrets to making $$$ with paid surveys... ■■■ https://tinyurl.com/realmoneystreams2019
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Discover a WEIRD trick I use to make over $3500 per month taking paid surveys online. read more... ●●● https://tinyurl.com/realmoneystreams2019
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • let's be honest. There are a lot of crazy devices, pumps and p.ills that all claim to be the solution to adding BIG length to your penis. However, most, if not all of these solutions don't pan out, or the growth is only temporary. I guess you could always consider surgery, but if you are anything like me, the thought of having a sharp metal object anywhere near your junk makes you quiver with blood curdling fear :-) Well, it just so happens my friend John, who I met at a men's health conference a few years back, has literally stumbled upon the key to natural male growth. Unlike other systems out there, his involves two unique components: 1. Restarting biological growth that boys experienced during puberty, turning them into men. 2. Performing tested and targeted exercises to encourage blood flow and supersize growth. John has just released a completely ZERO COST enlargement exercises guide where you can discover the proven techniques to start REAL and PERMANENT growth. Download the enlargement exercises guide here ➤➤ https://tinyurl.com/yaygh4xh
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • A Penis Growth Program With Actual Video Proof That It Works! REAL Growth With Video Proof, You Can't Fake These Enlargement Results... ■■■ https://tinyurl.com/getpebible2019
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Demystifying SDK Spoofing

  1. 1. BERLIN • NEW YORK • SAN FRANCISCO • SÃO PAULO • PARIS • LONDON • MOSCOW • ISTANBUL SEOUL • SHANGHAI • BEIJING • TOKYO • MUMBAI • SINGAPORE Demystifying SDK Spoofing
  2. 2. 2 What is SDK Spoofing?
  3. 3. 3 Attribution Provider Ad Networks Your Backend Social Media
  4. 4. 4 Attribution Provider Ad Networks Your Backend Social Media
  5. 5. 5 Attribution Provider
  6. 6. 6 Proxy Server Attribution Provider
  7. 7. 7 Spoofer’s Laptop Attribution Provider
  8. 8. 8 Spoofer’s Laptop Attribution Provider
  9. 9. 9 How does it affect me?
  10. 10. 10 Attribution Provider Ad Networks Your Backend Social Media
  11. 11. 11 Attribution Provider Ad Networks Your Backend Social Media
  12. 12. 12 ‣ Impressions ‣ Clicks ‣ Installs ‣ Sessions ‣ Events ‣ Revenue ‣ KPIs (LTV, Retention…) ‣ Callbacks to your BI ‣ Callbacks to partners ‣ Fraud prevention What’s affected? Spoof the network SDK Spoof the attribution provider No longer objective
  13. 13. 13 ‣ You lose the ability to know what realistic data should look like. ‣ You can’t guarantee your test group is clean of spoofed data. ‣ …how do you know what KPIs “look good”? “Common Sense” Fraud Prevention
  14. 14. 14 What’s the solution?
  15. 15. 15 ‣ Apple and Google telling us what is legit and what isn’t. ‣ …maybe one day. The Perfect Solution…
  16. 16. 16 ‣ Any claim that an SDK is “spoof-proof” is demonstrably false ‣ Closed source SDK? Nope ‣ Sending data to an attribution provider S2S? Nah ‣ Buzzword nonsense? Uh… ‣ These solutions don’t work because the spoofer controls both the source of data and the means of delivery. Step 1: Don’t believe the hype
  17. 17. 17 ‣ Goal: To ensure data came from a real app running on a real device. ‣ Shared secret, or SDK signature. ‣ This too can be spoofed. ‣ The only solution is to price spoofers out: ‣ Make them hire a securities expert ‣ Make each signature cost money to crack Step 2: SDK Signature
  18. 18. 18 So… now what? Chase up your partners Protect your internal data Shortlist which SDKs are at risk
  19. 19. Michael Paxman PRODUCT RESEARCH MANAGER michael@adjust.com ADJUST HQ Saarbrücker Str. 37a 10405 Berlin Germany

×