Detect Click Injection

Detect Click Injection

Ad fraud has become a digital epidemic, spreading from web browsers to mobile applications. With every passing minute, there is constant progress being made to develop more fraudulent strategies to con businesses of their investments.

We’ve all seen those advertisements displayed on our apps, either appearing at certain intervals or placed at the bottom of our screen. This is a mechanism similar to that of a PPC model, to direct potential users to the installation of apps. In this case, however, the advertising network is paid a certain amount per install (CPI) rather than per click.

What are click injections?

Click injections are a recent trend of ad fraud which takes place in the time frame of installing an app on your mobile phone. It is a false click on an advertisement that is registered as the reason for the installment of that particular app.

These are unique to Android devices as the concept of “install broadcasts” is specific to their model.

When do they occur?

For better clarity, let’s go through the steps of installing an app:

Step 1: A user may install an app “organically” (i.e. by searching for that particular app on Google Play) or by clicking on an advertisement for it. On clicking the ad, the user is directed to the app store and the click is registered and recorded with the information of the time at which it occurred by the ad network.

Step 2: The app is downloaded and installed on the user’s device.

Step 3: The app install is registered by the attribution provider only when the user launches the app for the first time after installation.

Step 4: On receiving the signal, the provider sifts through all the ad signals received from different networks and determines which one is to be credited for the install.

Step 5: If no clicks are recorded, the install is taken to be “organic” and no advertiser is credited.

By tricking users into downloading simple Android apps like the “flashlight” or a card game, fraudsters receive information whenever a new app is downloaded on your device. This allows them to trigger clicks just before your install is registered with the provider and the fraudster is then paid, although the install was “organic”.

How do the fraudsters get the info?

Android devices have the concept of “install broadcasts” where previously downloaded apps are sent broadcast messages whenever an app is installed or de-installed. This is to ensure the smooth communication between the apps and the software, however, it is being used by fraudsters by publishing a seemingly harmless fraudulent app as bait.

App developers cannot control as to when the user will launch the downloaded app on their device and measurement SDKs cannot register the install before the launch, this time lag between the actual install and the registered install gives fraudsters the perfect opportunity to carry out their dirty work.

Impact of Click Injections

The allocated budget made to advertise to a larger number of people is wasted. It also leads to inaccurate results leading app developers to believe that the investments are used for their sales rather than the fact of it sapping the company of their money. Due to which, advertisers continue to invest their money in ineffective campaigns, giving the fraudsters exactly what they want.

The action being taken against Click Injections

However, these clicks have to be accurately timed to that of the “install broadcast” – which is sent as soon as the app is launched on the device – so as to make it appear as though the fraudster (i.e. the advertising platform used as the cover) gets the credit for the install.

This can be detected by noticing inconsistencies in the click-to-install timing distribution which can be visually placed on plotting.

Botman identifies affiliates and affcodes, claiming fraudulent installs on organic installs via click injection by calculating the AQscore for every affiliate.

Fraud prevention services like Botman work daily to make it as difficult as possible for these fraudsters to carry out their work.