The ABCs of Mobile App Fraud

by Justin Fibich, Region Head, Apsalar


Post on 06-Jan-2017



Page 2: The ABCs of Mobile App Fraud

Copyright © 2016 All rights reserved worldwide. | www.apsalar.com 2

INTRODUCTION

Lots of people are asking questions about mobile fraud these days. And for good reason. After all, the threat to mobile-first and other mobile-enabled businesses is growing stronger every day.

Further, ‘mobile fraud’ is a complicated topic, encompassing a variety of fraud types that have different characteristics and different victims. Yet fraud is often discussed in sweeping, general terms. That can cause confusion and misunderstandings. This paper is designed to give the marketer:

High-level understanding of four of the major types of mobile fraud

The basics of how each type of fraud occurs

Basic and advanced strategies marketers are taking to protect their businesses

Some of these topics extend far beyond the focus of Apsalar’s mobile app attribution and data management business. But, in our view, all marketers need to understand the key areas of mobile fraud so that they can make informed decisions. Therefore, we have created this “introductory” document to help educate and inform.

Page 3: The ABCs of Mobile App Fraud

Big Temptation for Fraudsters

Mobile ad spend will hit $40B this year, according to eMarketer. Business Insider reports that app install spend will top $6.5B. And mcommerce, the dollar sales of goods and services sold via mobile devices, will surpass $142B this year, according to Forrester.

What all that adds up to, besides $188.5B, is a huge temptation for bad actors to perpetrate one or more forms of mobile fraud in order to skim off a big chunk of that money.

Mobile fraud is, by definition, deliberately robbing a brand, its partners, or its customers without providing expected value in return. It is deliberate and criminal. But fraud and the efforts to fight it are by no means simple or static. Fraudsters are constantly changing their approaches. As good actors get better at spotting fraud, fraudsters get better at perpetrating it.


Let’s take a look at the four major mobile fraud types and how you can protect your business from them.

Page 4: The ABCs of Mobile App Fraud

TYPE ONE

Incentivized Install FRAUD

$1 Billion: Cost of Mobile App Install Fraud (Forensiq, 2015)

Driving users to install your app is the first step in creating a robust mobile business. People prefer interacting and transacting in apps – in fact, comScore reports that almost 90% of mobile time is spent in-app versus on the mobile web. So app installs are among the most common KPIs for mobile app marketing efforts.

For years, the app industry was driven by so-called burst campaigns designed to drive enormous install counts at the time of an app launch, so that the application would rank high in the app stores. High ranking drove awareness, which in turn drove more installs, creating a perfect storm.

That said, this marketing strategy also created an enormous opportunity for fraud because it led to app business owners caring most about raw install numbers, not the quality of the users who installed their apps. And the most common buying methodology for app advertising, cost per install (CPI), further increased the incentive to perpetrate install fraud.
Page 5: The ABCs of Mobile App Fraud

Because marketers prioritized user acquisition cost and scale over user quality, any media vendor who could deliver installs at or below target CPI rates was rewarded with significant media budget, and often uncapped IOs. This led to revenue trickling down through the ecosystem as networks maxed out the capacity of their own publisher base and often turned to other media vendors to source additional installs.

The most effective method of driving raw install volume involved a network or publisher incentivizing users to install an app by rewarding users with in-game currency, free WIFI, or extra mobile data allocations. Some incentivized users download the app, try it out, and like it. Others install the app to get their reward, with no intention of actually using it. Predictably, many users typically fall into the latter bucket, and incentivized campaigns typically drive lots of below-average-quality installs.

Depending on campaign goals, low-quality installs are not always a problem – rational marketers run incentivized campaigns all the time, recognizing that a loss of quality is inevitable with quick scale. The key is: marketers understand the tactics in play, and adjust CPIs to match expected quality.

Fraud takes place when media vendors (or their affiliates) obfuscate that their traffic is incentivized. In this scenario, marketers pay for regular installs, but are delivered lower quality incentivized installs. This is a form of fraud – marketers are buying a good, and being provided with another good of lesser quality.

Incentivized install programs are an appealing arbitrage scheme – profits are simply a factor of sourcing a CPI payment higher than the cost of the incentive you’re offering a user. For example, in developing markets where users typically buy pre-paid data packages, an app publisher could offer users $1.00 worth of mobile data in exchange for installing an app with a $2.00 CPI, resulting in 50% profits.


Page 6: The ABCs of Mobile App Fraud

Today, as app marketers are increasingly concerned about QUALITY installs, they need solutions to protect themselves against threats like incentivized install fraud. As with most forms of fraud, detection and prevention rely on a flow of good data that reveals likely instances of fraud. The most common strategies being utilized by marketers to prevent or control incentivized install fraud include:

Common sense: Gone are the days when app marketers were taken in by promises of massive install counts quickly or at extremely low cost. Today, marketers know that a deal that sounds too good to be true is likely to result in low quality installs.

Focusing resources on larger/most trusted partners. Larger or niche vertical companies are more likely to have the resources to detect and prevent fraud. Further, properties like social networks can use their user account information to help ensure that installs come from legitimate people. At Apsalar, we saw a 393% increase in the number of installs driven by the top ten media partners in 2015 and a 105% increase for the second ten. The “losers” during that same period? Small, “no-name” players without a quality user story to tell. While the size of the media company is no guarantee of strong or weak installs, this is clearly an instance where big brands are gravitating toward big media in order to protect their investments.

Leveraging retention and uninstall data: By comparing the set of users attracted by different media companies, brands can learn a lot about user quality. Low user retention or high uninstall rates are increasingly relied-upon signals of possible fraudulent activity.

Diversify key performance indicators (KPIs): Some install campaigns drive users to install the app plus complete a post-install event, such as a registration process or tutorial completion. You can protect your business from fraud if you develop KPIs & benchmarks that are harder to predict or unrealistic to fraudulently incentivize – such as post-install events that are unique to your app, or long-term usage metrics that occur days or weeks after the install. While the bounty that you have to pay for each user will increase given the higher bar you have set for user engagement, the cost will likely be well worth it.

Identify sub-publisher level anomalies: Sometimes media network partners may not be aware that their publishers are perpetrating fraud. By breaking out source- & campaign-level reporting to examine key metrics at the sub-publisher level, it can be easy to spot pubs that drive abnormally high install counts or abnormally low quality. Those are clear warning signs of fraud.


Page 7: The ABCs of Mobile App Fraud

TYPE TWO

Falsified Install FRAUD

Another kind of install fraud takes place when bad actors fake the signals of a legitimate app install when no app was (intentionally) installed on a real device.

Fraudsters perpetrate this crime in several ways:

Device Emulators: Media or traffic companies create fake devices and then transmit install signals to the app marketers. In this scenario, no install actually takes place because the “devices” aren’t real. In fact, these install signals often come from cloud network providers rather than mobile devices.

Piggyback Installs: Here, a person agrees to download an app, and another app (or apps) are paired with the download. The user agrees to install one, and other apps are secretly installed on their phone or tablet. Sometimes the unwanted apps appear on a phone screen, while other times the apps are hidden and run in the background – never visible to the user.

Forced Installs: This scenario is similar to the piggyback instance, except that the apps are installed by malware without any legitimate install taking place.

Automatic Install Cycles: A variant of all of the above tactics, where an app is installed, uninstalled, reinstalled, uninstalled, and so forth, driving up huge install counts on real or simulated devices.

Because of the open nature of the Android platform, these problems are more common for Android than iOS.

Page 8: The ABCs of Mobile App Fraud

There are a variety of effective ways to detect and thwart instances of falsified install fraud:


Data-driven analysis: Savvy marketers use measures from their marketing and customer data to detect likely fraudulent installs. Typically, these marketers measure the relative instances of multiple KPIs across partners, campaigns, and even publishers to detect data significantly at variance from normal patterns. Measures like retention rates, uninstall rates, engagement rates, and conversions are carefully examined across specific time windows in order to identify possible sources of fraud.

Identify sub-publisher level anomalies: Just like with incentivized traffic, fraudsters will often perpetrate their crimes through intermediary ad networks or exchanges. Your partners may or may not know that such fraud is taking place. By breaking down source- & campaign-level reporting to examine key metrics at the sub-publisher level, it can be easy to spot pubs that drive abnormally high install counts or abnormally low quality.

Installs from Suspicious IPs: When a large number of installs come from a single IP address or group of IP addresses, there is a good chance that fraud is taking place. For example, IP addresses for data centers, cloud infrastructure providers and endpoints should be carefully scrutinized.

APK-Based Installs: In the Android universe, it’s possible to install apps from locations other than Google Play or the Amazon store. Such installs are called “APK Installs.” Sometimes brands agree to this method of distribution. Other times, media companies secretly make apps available on these sites as a way to jack up install counts. Marketers should check their data for instances of APK distribution and act accordingly.

Manufacturer or Carrier-based device verification: A new form of protection, in which Apple/Google/mobile carriers are queried as to whether a device ID is legitimate and tied to a customer account, is also gaining traction, particularly in developing markets like India and China.
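The sub-publisher and suspicious-IP checks described above can be run over attributed install records. The following is an added example, not part of the original paper or any Apsalar product; the record fields, thresholds and the placeholder data-center range are assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Assumed thresholds for illustration; tune them against your own baselines.
MIN_INSTALLS = 20           # skip sub-publishers with too little data to judge
RETENTION_FLOOR = 0.5       # flag if D7 retention < 50% of the median publisher
MAX_SINGLE_IP_SHARE = 0.2   # flag if one IP delivers > 20% of a publisher's installs
MAX_DATACENTER_SHARE = 0.1  # flag if > 10% of installs come from hosting ranges
# Placeholder range (RFC 5737 documentation block) standing in for a real
# list of data-center / cloud provider networks.
DATACENTER_NETS = [ip_network("203.0.113.0/24")]


def screen_sub_publishers(installs):
    """Return {sub_publisher: [reasons]} for publishers that look anomalous.

    installs: iterable of dicts with keys sub_publisher, ip, retained_d7.
    """
    by_pub = defaultdict(list)
    for rec in installs:
        by_pub[rec["sub_publisher"]].append(rec)
    eligible = {p: r for p, r in by_pub.items() if len(r) >= MIN_INSTALLS}
    if not eligible:
        return {}
    retention = {p: sum(x["retained_d7"] for x in r) / len(r)
                 for p, r in eligible.items()}
    baseline = median(retention.values())  # median resists one bad publisher

    findings = {}
    for pub, recs in eligible.items():
        n = len(recs)
        reasons = []
        if retention[pub] < RETENTION_FLOOR * baseline:
            reasons.append("low_retention")
        top_count = Counter(x["ip"] for x in recs).most_common(1)[0][1]
        if top_count / n > MAX_SINGLE_IP_SHARE:
            reasons.append("ip_concentration")
        hosted = sum(any(ip_address(x["ip"]) in net for net in DATACENTER_NETS)
                     for x in recs)
        if hosted / n > MAX_DATACENTER_SHARE:
            reasons.append("datacenter_ips")
        if reasons:
            findings[pub] = reasons
    return findings


def sample_installs():
    """Constructed sample data: two ordinary sub-publishers and one outlier."""
    rows = []
    for i in range(40):   # pub_a: spread-out IPs, 40% D7 retention
        rows.append({"sub_publisher": "pub_a", "ip": f"198.51.100.{i + 1}",
                     "retained_d7": i % 5 < 2})
    for i in range(30):   # pub_b: spread-out IPs, 40% D7 retention
        rows.append({"sub_publisher": "pub_b", "ip": f"192.0.2.{i + 1}",
                     "retained_d7": i % 5 < 2})
    for i in range(50):   # pub_c: 45 of 50 installs from one hosted IP
        ip = "203.0.113.7" if i < 45 else f"203.0.113.{100 + i}"
        rows.append({"sub_publisher": "pub_c", "ip": ip, "retained_d7": i == 0})
    for i in range(5):    # pub_d: too few installs to evaluate
        rows.append({"sub_publisher": "pub_d", "ip": f"198.51.100.{200 + i}",
                     "retained_d7": False})
    return rows


if __name__ == "__main__":
    for pub, reasons in screen_sub_publishers(sample_installs()).items():
        print(pub, reasons)
```

A flagged sub-publisher is a lead for review with the media partner, not proof of fraud; shared carrier or office IPs can also concentrate installs.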

Page 9: The ABCs of Mobile App Fraud

TYPE THREE

Mobile Purchase FRAUD

34%: Percentage of IAPs that are fraudulent (Apsalar, Q1 2016)

This topic refers to theft of goods and services. As you consider purchase fraud, it can be very helpful to draw a distinction between real goods versus virtual goods. These two different kinds of purchased items create different types of fraud opportunities.

Virtual goods or “IAPs”: Virtual good or in-app-purchase (IAP) fraud takes place when imaginary items like gold for a game are stolen from app publishers. Virtual goods are the revenue engine of the gaming industry. Many game companies earn the lion’s share of their revenue from these items. These in-app purchases (IAPs) are very profitable for game publishers because the goods are virtual versus tangible. But they also leave such brands open to a high potential for purchase fraud.

Page 10: The ABCs of Mobile App Fraud


Fraudsters perpetrate IAP fraud by mimicking confirmation messages from the app stores, even though no real transactions have taken place.

For many years, game developers turned a blind eye to fraud, believing that it represented “revenue” that they wouldn’t have gotten anyway. The thinking here was that bots and individuals acting fraudulently were unlikely to actually buy goods if they were prevented from stealing them.

But more recently, game publishers have recognized that fraudulent purchases really do represent significant lost revenue. Many would-be purchasers of legitimate IAPs may erroneously buy fraudulent goods through altered versions of apps, or may leverage online advice for “cracking” games. Further, they might find an offer online for discounted versions of virtual items and either not understand or not care that they are buying “hot” stuff.

Stolen virtual goods also damage user experience. Fraud can create an unfair advantage for cheaters, especially in multiplayer games.

Game companies must block most or all IAP fraud in order to maximize revenue and profit. Below, you’ll find a few of the most effective approaches for detecting and minimizing IAP fraud.

Server-side verification: Both Apple and Google offer a receipts system in which any purchase of an item is verified by a notice of a transfer of funds. Many tech companies (like Apsalar) incorporate server-side verification into their offerings.

Code obfuscation and key encryption: While such strategies don’t outright prevent fraud, they do make it more difficult for a fraudster to copy or hack code.

APK site monitoring: Some bad actor Android APK sites make unauthorized changes to app code in order to steal IAP revenue. Carefully monitor your APK-derived installs by source to watch for fraud.

Monitoring and vigilance: Brands need to proactively monitor their IAP data to spot signs of fraud. A variety of third party services are available, but brands can also scan their own data for patterns like:

Purchases made from the same device advertising ID every few seconds

Multiple purchases of the same IAP from the same device

Large value of purchases from a single device (e.g., >$75 worth of purchases from a device)
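The three purchase patterns listed above can be checked directly against an app's own IAP event log. The following is an added example, not part of the original paper; the event fields and sample data are constructed, and apart from the $75 figure taken from the text the thresholds are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# The $75 limit is the page's example; the other thresholds are assumptions.
DEVICE_SPEND_LIMIT_CENTS = 7500  # "> $75 worth of purchases from a device"
RAPID_GAP_SECONDS = 5            # assumed meaning of "every few seconds"
RAPID_MIN_RUN = 3                # assumed: 3+ purchases in a row at that pace
REPEAT_SKU_MIN = 3               # assumed: same IAP bought 3+ times


def flag_iap_devices(purchases):
    """Return {device_id: [reasons]} for devices matching any pattern.

    purchases: iterable of dicts with device_id, ts (datetime),
    product_id and amount_cents.
    """
    by_device = defaultdict(list)
    for p in purchases:
        by_device[p["device_id"]].append(p)

    flagged = {}
    for device, events in by_device.items():
        events = sorted(events, key=lambda e: e["ts"])
        reasons = []
        # Pattern 1: longest run of purchases spaced only seconds apart.
        run = longest = 1
        for prev, cur in zip(events, events[1:]):
            gap = (cur["ts"] - prev["ts"]).total_seconds()
            run = run + 1 if gap <= RAPID_GAP_SECONDS else 1
            longest = max(longest, run)
        if longest >= RAPID_MIN_RUN:
            reasons.append("rapid_fire")
        # Pattern 2: the same IAP bought repeatedly on one device.
        sku_counts = Counter(e["product_id"] for e in events)
        if max(sku_counts.values()) >= REPEAT_SKU_MIN:
            reasons.append("repeated_iap")
        # Pattern 3: total spend from one device above the limit.
        if sum(e["amount_cents"] for e in events) > DEVICE_SPEND_LIMIT_CENTS:
            reasons.append("high_spend")
        if reasons:
            flagged[device] = reasons
    return flagged


def sample_purchases():
    """Constructed events; the device IDs are placeholders, not real ad IDs."""
    t0 = datetime(2016, 1, 1, 12, 0, 0)
    rows = [{"device_id": "device-A", "ts": t0 + timedelta(seconds=2 * i),
             "product_id": "gold_pack", "amount_cents": 999} for i in range(8)]
    rows += [
        {"device_id": "device-B", "ts": t0,
         "product_id": "gold_pack", "amount_cents": 499},
        {"device_id": "device-B", "ts": t0 + timedelta(hours=6),
         "product_id": "extra_lives", "amount_cents": 999},
        {"device_id": "device-C", "ts": t0,
         "product_id": "mega_bundle", "amount_cents": 9999},
    ]
    return rows


if __name__ == "__main__":
    for device, reasons in flag_iap_devices(sample_purchases()).items():
        print(device, reasons)
```

Amounts are kept in integer cents so the spend comparison is exact; flagged devices are candidates for receipt re-verification rather than automatic blocking.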

That provides an introduction to IAP fraud. Now let’s change our focus to other types of retail theft.


Page 11: The ABCs of Mobile App Fraud

Real Goods and Services:

This topic relates to theft of real world goods, not virtual ones. Some of the most common sources of real goods transaction fraud include:

Purchases enabled by identity theft/unauthorized use of pirated credit cards or card numbers

Chargeback schemes where fraudsters order goods and then contact credit card companies to stop payment

Creation of false credit accounts by employees or hackers

Some of the key strategies retailers use to reduce or prevent mcommerce transaction fraud include:

Using reputable credit card processors: Any credit card processor must be Payment Card Industry Data Security Standard (PCI) compliant. Compliance and transaction encryption are minimum standards that merchants must adopt.

Requiring users to create accounts: A growing number of merchants are requiring users to create accounts, versus offering the option of “guest checkout.” Account profiles enable brands to collect more user data and then develop robust shopper profiles. They can use these profiles to verify purchasers before a fraudulent transaction takes place.

Fraud detection monitoring: By examining customer and transactional behavior, or by contracting with one of the many third party services available to do the same, brands can identify and interpret signals of fraud. There are generally four different perspectives considered: user behavior, physical location, security/authentication, and account activity.

Compartmentalization of employee responsibilities: Here the merchant divides the steps for creating accounts and authorizing credit across multiple individuals, so that no one person can create false accounts that cost the company big money.

To protect your business, your best bet in regard to real goods and services purchases is to find experts in this incredibly complex and specialized discipline that can help you formulate your protection strategies.

Page 12: The ABCs of Mobile App Fraud

TYPE FOUR

Mobile App Advertising FRAUD

With mobile ad fraud, fraudsters deliver fake or invalid impressions and clicks. They do this using one of two main approaches:

Fraudulent apps and malware simulate ad impressions and clicks that never actually occur, using legitimate devices

Banks of computers simulate ad views on “devices” that don’t actually exist

Ad fraud in the app world is most damaging to publishers, because brands typically pay for performance (cost per install) while they sometimes pay publishers based on impressions and clicks. Outside of apps, impression and click fraud are most damaging to brands because they typically pay by the impression or click.

Page 13: The ABCs of Mobile App Fraud


Programmatic media buying creates rich opportunities for ad fraud because of the daisy chain of inventory sources. When publishers and networks can contract with thousands of partners to syndicate content and drive traffic, it’s relatively easy to insinuate fraudulent ad views into campaigns.

Key strategies to prevent or reduce ad fraud for your business include:

Choose low IVT inventory services. Trusted third parties like MRC, IAS and comScore already measure the percentage of invalid traffic delivered by many publishers. By limiting their buys to sellers that strive to deliver genuine value, brands can reduce their risk before fraud can occur.

Leverage Verification Services: New technologies enable you to identify fraudulent or suspicious views and actions within your campaigns.

Measure. And set goals tied to your true KPIs. It’s easy to game brands that are asleep at the wheel. By employing robust measurement solutions, brands can detect and prevent bad inventory sources. Further, by measuring and optimizing campaigns to real business goals like registrations, purchases, and measurable brand effects, you can ensure that your ads are being delivered to relevant humans. At minimum, make sure that the KPIs you use to measure results aren’t all “game-able”. Focus on measures that reflect a meaningful impact on your business.

Benchmark norms for media partners and watch for major anomalies at the sub-publisher level. Analyze your data to spot potential sources of fraud. Look for unknown publishers delivering huge traffic or click counts. Avoid impression and click goals that are easily gamed. Use third party verification tools to ensure campaign delivery and metrics. For media, verify key measures like impressions, complete views, ad viewability and levels of nonhuman traffic.

Page 14: The ABCs of Mobile App Fraud

Parting Thoughts

Across all of these types of mobile fraud, your efforts to limit their impact must start with a robust foundation of data on your customers and their actions. Without insight into what is going on “under the hood”, you will have no way of measuring the risks and costs of fraud.

While experts play an important role in identifying and preventing mobile fraud, marketing generalists can also take actions that can significantly reduce the risks to their businesses. It’s usually not too difficult to spot signs of fraud. That’s because companies are trying to steal a lot of money quickly. That greed makes the signals easier to spot.

By laying a strong data foundation and then deploying the tools and strategies necessary to act on that data, brands can go a long way toward reducing the risks and costs of mobile fraud for their businesses.

Page 15: The ABCs of Mobile App Fraud

About the Author

Justin Fibich is a Region Head for Apsalar. A seven-year martech and digital measurement industry veteran, he is a mobile and mobile app industry expert and a thought leader in the mobile and PC measurement and attribution industry. At Apsalar, he has been integral to establishing our international client footprint in Asia, Latin America and the Middle East, and has been a key driver of our growth with leading app publishers and F100 companies in the US. Prior to joining Apsalar, he was a key member of the sales organization at Conversant, Inc. (now a division of Alliance Data), where he led the company’s popular Master TMS® tag management offering and was key to driving sales for Mediaplex Ad Server. Justin has made significant contributions to the adtech and martech industries, including creating the IAB Arena, an innovative map of the digital ecosystem recognized by the IAB as an important tool to foster learning and understanding of the digital display advertising industry. He holds a Bachelor of Arts in International Relations and Economics from University of California-Davis, where he was also a Defensive Tackle for the Aggies’ Division I football team.

Page 16: The ABCs of Mobile App Fraud

ABOUT APSALAR

Apsalar is the leading mobile app marketing measurement and optimization company that helps app marketers drive maximum return from all their marketing investments. With Apsalar attribution and audiences, app marketers can optimize their media allocation and empower their partners and platforms to deliver customized communications, for better results at every step in the customer journey.

With Apsalar, mobile-first companies get the data, information and insights they need to drive maximum ROI. Apsalar offers powerful and proven solutions that help companies capitalize on many of their biggest app growth opportunities.

App Media Attribution and Optimization

App Audiences for Remarketing

App CRM and Prospecting Audiences

FOR MORE INFORMATION ABOUT THE APSALAR MOBILE ROI PLATFORM, contact us at [email protected] or visit our website at https://Apsalar.com