Successfully reported this slideshow.

The Complete Guide to Fighting Mobile Ad Fraud

2

Share

Loading in …3
×
1 of 31
1 of 31

The Complete Guide to Fighting Mobile Ad Fraud

2

Share

Ronen Mense, VP APAC at Appsflyer presents at our Developer Series at China Joy 2017 - giving a comprehensive look at the state of mobile ad fraud today and how advertisers can best combat it.

Ronen Mense, VP APAC at Appsflyer presents at our Developer Series at China Joy 2017 - giving a comprehensive look at the state of mobile ad fraud today and how advertisers can best combat it.

More Related Content

Related Books

Free with a 14 day trial from Scribd

See all

Related Audiobooks

Free with a 14 day trial from Scribd

See all

The Complete Guide to Fighting Mobile Ad Fraud

  1. 1. The Evolution of Mobile Ad Fraud: From Hazardous to Dangerous
  2. 2. #1Global market leader in mobile attribution & marketing analytics 500B Mobile actions measured globally per month 65%Market share according to 4 independent studies 300 staff Across 13 offices globally 15,000+Customers
  3. 3. Mobile Usage Explosion
  4. 4. Mobile Ad Budgets Explosion - 2017 Global Spend - $99.3B $97.4B
  5. 5. Bad actors fancy a piece of the pie (cheese)
  6. 6. Generate fake clicks & installs, via person or basic robot Basic Fraud
  7. 7. IP, user agent filtering (blacklisting) Basic Protection Industry fights back, focusing on real time protection Install & receipt validation Distribution modeling (mean-time-to-Install)
  8. 8. Advanced Fraud Focus on Deceiving Attribution Platforms
  9. 9. Click Flooding
  10. 10. Install Hijacking
  11. 11. Click Hijacking Legit click 1. Malware identifies the click 2. Malware IDs send fake click seconds after real click 3. Install attributed to fake last click
  12. 12. DeviceID Reset Marathons
  13. 13. Limit Ad Tracking Exploitation
  14. 14. ROI is Dangerous
  15. 15. New Devices New sophisticated mobile ad fraud skews ROI data Install Hijacking Click Flooding Exploiting LAT
  16. 16. Stolen organic users Fake or stolen quality non-organic users The Bleeding Cash Cycle
  17. 17. Fighting Advanced Fraud: Think Layers
  18. 18. Basic IP Filtering MTTI Advanced Device Level Protection Real Time Protection
  19. 19. 98% of all devices 500b+ monthly events Mobile metadata analysis Device authenticity rating Attributed Flagged Blocked Flagged Machine LearningScale Device Level Protection
  20. 20. Deep Protection
  21. 21. Click Flooding: Detection
  22. 22. Click Flooding: Detection
  23. 23. Install Hijacking: Detection
  24. 24. Click Hijacking: Detection ✗ Raw data timestamps: very short time between clicks
  25. 25. Device ID Reset: Detection
  26. 26. Device ID Reset: Detection
  27. 27. Click Fraud Install Fraud ● Bot Clicks ● Bot Installs ● Click Redirection ● Forced Clicks ● Incentivized Clicks ● Click Hijacking ● Click Flooding ● Install Hijacking ● New Devices / LAT ● Fraudulent Devices (only with device level data) Real Time Protection is NOT Enough
  28. 28. Thanks!

Editor's Notes

  • Intro AppsFlyer
    Intro to Basic Fraud
    Intro to Adv. Fraud
    Why is this so dangerous? Bleeding Cash
    How to fight back?
    2 solution classes: basic (anomalies) & advanced (big data)
    Used for Prevention & Detection
    Real-time prevention is not enough
  • You must ask yourself how are tom & jerry connected to mobile ad fraud?
  • Even in CPA fraud, a basic approach relies on pre-programmed bots that follow a specific engagement pattern (which is also easily identified), trying to improve their retention and engagement rates. Others attempt
  • Active IP, user agent and device ID filtering. Algorithms actively monitor mobile ad interactions to automatically verify legitimate activity and catalog suspect or mismatched IP addresses, user agents and device IDs. BUT An IP can easily be switched (if door is closed, enter through the window), while a device ID can be reset.

    Receipt & install validation: connecting to the app store’s servers to validate the legitimacy of an install or in-app purchase

    Distribution modelling. Big data models are capable of detecting anomalies such as mean-time-to-install (MTTI), geographic distribution, click volume by IP address and device ID, user agent versus IP benchmarks and more. As with any machine learning, scale of data is extremely important so the larger your provider’s scale, the more data an engine can train on to deliver effective results.
  • In click-flooding, criminals send a massive number of clicks, hoping to deliver the last click before an install.
  • Install hijacking, also known as click injection is a type of mobile fraud that uses malware to send fraudulent click reports during the install process. Like click hijacking, this malware is often hidden in apps that otherwise appear legitimate as well as apps downloaded via third party-app stores.
  • DeviceID Reset Marathons is when criminals perpetrate DeviceID Reset Fraud at large scale. By clicking on real ads, installing the actual apps, and engaging with the apps, in massive, scaled device-farms, fraudsters generate seemingly legitimate activity. During a DeviceID Reset Marathon, fraudsters reset their DeviceIDs between each install at incredible scale, generating a tremendous amount of traffic from New DeviceIDs while bypassing real-time anti-fraud protection measures.
  • Many criminals attempt to hide their install fraud by enabling Limit Ad Tracking on their devices
  • Two reasons
  • With new types of fraud, fraudsters can claim real, organic and engaged users.
    The ROI looks amazing.
    Marketers don’t ask questions. CEO put more money in. Bottom line
  • Mobile fraud detection encompasses a set of technologies and reports that help mobile marketers identify fraud. Whereas mobile fraud protection uses a variety of rules and signals to block fraud in real-time, many advanced types of fraud require deeper analysis to detect based on a combination of big data - really big -, real-time machine learning and AI
  • On top of install validation + IP filtering, you need device level protection:
    Automatically Block Fraud Devices
    20+ cross-publisher data-points
    Analyzed by DeviceID
    Updated Daily
  • Mobile fraud detection encompasses a set of technologies and reports that help mobile marketers identify fraud. Whereas mobile fraud protection uses a variety of rules and signals to block fraud in real-time, many advanced types of fraud require deeper analysis to detect based on a combination of big data - really big -, real-time machine learning and AI
  • Click to Install Times spread out evenly or follow highly linear patterns
    Detection requires macro view of CTIT (increments of hours or days)
  • low click-to-install conversion rates and/or high contributor rates.
  • 5 seconds block but in 10-15 seconds some are legit! Need very short increments


    Detection requires granular breakdown of CTIT (increments of a few seconds)
  • High install rates from New Devices or ones with Limited Ad Tracking
    15-20% at most new install rate

    Detection requires device-level insights powered by a massive, global Anti-Fraud Database
  • High install rates from New Devices or ones with Limited Ad Tracking

    Detection requires device-level insights powered by a massive, global Anti-Fraud Database
  • reen = can be real-time / orange = can be partially real-time / red = can't be real-time

    Ctit, install validation, low conversions and more ways to automatically block click fraud
    Click redirection and forced clicks you have to look at publisher level and find anomalies
    Mislabled incentized traffic: need to find the anomalies

    Click hijacking / install hijacking
  • So yes this is a game of cat and mouse but we need to make sure that this is where we are at - always staying ahead of the curve as it moves very very fast
  • ×