Industry News

App install fraud a $300 million business – analysis

Advertising on the web has taken many forms over the years, with one recent type of ad proving extremely profitable for ad networks and publishers, as well as fraudsters: app install advertising.

App install advertising offers developers and publishers an efficient, albeit costly, way to promote their software, paying for actual installs rather than impressions or clicks. Most services further promise complete freedom over campaign management and optimization, rates, etc.

But, for all the apparent transparency and the monetization perks these networks offer, they also make fertile ground for fraudsters, according to data from fraud detection firm DataVisor.

The company looked at 140,000 app installs from January to May 2017 and discovered fraudsters are tapping into this lucrative market by simulating the behavior of genuine advertising networks through increasingly sophisticated methods.

Among the techniques employed by fraudsters, researchers found: artificially generating fake installs using malicious apps, install farms, and mobile device emulators; stealing credit for an install from other publishers and organic sources using click injection; and faking the appearance of a legitimate user manually via install farms or through event scripts.

Up to $300 million in mobile app install ad spending is lost to fraud every year, the firm estimates. The figure is less surprising when we also learn that 5.3 percent of app installs from “non-premium” ad networks are fraudulent. Other findings include:

  • 29 percent of fraudulent installs have a two-day retention rate, analysts found (by looking at in-app events)
  • Some 18 percent even have day-7 retention events, suggesting fraudsters will go to great lengths to avoid getting blocked by the ad network buying traffic from them, and extend their accounts’ lifespan
  • Android users fall victim to fraudulent app installs five times more often than their iOS counterparts
  • Installs from devices/OSes released before 2015 are 2.5 times more likely to be fraudulent
  • The three countries with the highest fraud rate are Saudi Arabia (15.8 percent); India (7.8 percent); USA (6.5 percent); pictured above is the fraud rate in the top 15 countries by install volume

“Analyzing retention patterns across fraudulent and legitimate installs highlights two distinct classes of fraudsters: naive fraudsters that only fake the install vs. sophisticated fraudsters that fake retention for an extended period post-install,” DataVisor reports.

“Traditional fraudsters show a sharp dropoff in retention from Day 2 compared with legitimate users. On the other hand, sophisticated fraudsters are quite the opposite: in order to avoid detection, they artificially generate app opens and other activity at a rate even higher than that of genuine users,” analysts said.

App installs generated by advanced fraudsters can prove difficult to distinguish from legitimate installs, undermining the credibility of ad networks and wreaking financial havoc on small to mid-sized networks. Because of fraud, advertisers are being pushed into buying traffic from high-profile networks, while taking additional costly steps to mitigate the risk of pushing fraudulent app install content to their users.

Have you ever been duped into installing an app that appeared legitimate but wasn’t? Let us know in the comments.

About the author


Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.