This article explores some of the most prevalent methods of cheating in mobile app promotion and strategies to detect such fraudulent activities. It’s worth noting that my collaboration with affiliate networks ceased a year ago, potentially rendering some of the described tactics outdated and less reliable.
Presently, the most common cheating methods include:
- 1. **High-volume Clicks**: Generating excessive clicks to exploit third-party attribution rules, where the last click before an install claims credit.
- 2. **Attribution Hijacking**: Manipulating attribution by simulating additional clicks after those of other channels, thereby usurping credit for installations.
- 3. **Simulator Emulation**: Using software emulators to mimic multiple devices and generate fake installs.
- 4. **Rewards Wall Abuse**: Exploiting reward-based advertising platforms to generate installs with minimal follow-through activity.
- 5. **Ad Exposure Grabbing**: Leveraging ad exposure attribution rules to claim installations without actual user engagement.
These methods typically exploit loopholes in third-party analytics, where the final click before an app installation takes credit for the entire user journey. For instance, a channel might flood an ad with clicks, hoping that some users will eventually install the app, thereby claiming attribution for all subsequent installs within a given timeframe, often seven days.
The tactic of generating high-volume clicks, though relatively straightforward, remains conspicuous due to its abnormal volume. Yet, some employ hybrid strategies, combining click flooding with emulator or rewards wall tactics to obscure detection by lowering overall conversion rates.
Signs of such fraud often manifest in several ways:
- 1. A channel exhibits extraordinarily high click volumes with disproportionately low installation rates (less than 1%), indicative of pure click inflation.
- 2. While click volumes are substantial, installation rates hover around 1%, suggesting a blend of high-volume clicks with rewards wall tactics or emulator-generated installs to inflate the installation rate.
- 3. Large click volumes result in installations around 1%, with subsequent user behaviors appearing marginally plausible, yet some activities exhibit suspicious patterns. This often indicates a combination of high-volume clicks with emulator-driven interactions or rewards wall completions of specific actions.
More sophisticated schemes may even simulate in-app purchases to further disguise the fraud, although achieving genuine metrics across all indicators remains challenging without proactive monitoring. Hence, when encountering suspicious activity, a comprehensive review of all metrics is essential to identify any vulnerabilities.
Attribution hijacking involves intercepting another channel’s click attribution, transforming it into an assist while positioning oneself as the primary driver of the user action. This method requires a higher level of technical finesse, potentially involving monitoring device installation states to simulate clicks before the app launch, often necessitating root permissions or advanced non-root capabilities.
Identifying hijacked attributions often involves scrutinizing metrics like click-to-install time differentials, assist ratios, click timing, and patterns to uncover discrepancies. Without deep dives into raw data, detecting such schemes proves challenging, as the attributed volumes often appear genuine, merely reallocating credit. Regular audits or specialized tools like AppsFlyer’s P360 can mitigate some risks, yet uncovering underlying patterns remains crucial, especially for smaller channels vulnerable to attribution losses despite genuine traffic contributions.
Simulator emulation, a more overt tactic, entails fabricating device data to simulate installs artificially. Despite third-party mitigation efforts, occasional oversights or advanced techniques using genuine device information in emulators may circumvent detection.
Fraud detection typically hinges on post-install behaviors like retention rates or payment patterns. Unless achieving an excessively high return on investment (ROI), distinguishing legitimate user behaviors from artificially boosted metrics is feasible, highlighting deviations from usual user engagements as telltale signs. Should such activity yield unrealistic metrics, settlement disputes become inevitable.
Combining high-volume clicks with rewards wall tactics or simulator fraud intensifies data obfuscation, necessitating exhaustive analysis to detect deception. For large-scale operations, engaging external professionals such as Datavisor for fraud audits may prove prudent, leveraging expertise in uncovering falsified volumes (ad fees accepted upon request).
The strategy of “grabbing view-through volume” capitalizes on exposure attribution, exploiting third-party rules to attribute installations within 24 hours of ad display, absent other click contributions. Primarily affecting video channels, this strategy extends to banner ads, significantly amplifying daily exposure metrics. Addressing these tactics in attribution platforms often involves discounting view-through volumes, balancing enhanced conversion metrics against potential cost increases, yet discerning the value in such “cheating” tactics remains contentious.
Additional cheating methods encompass carrier traffic manipulation and advanced SDK tampering, warranting further exploration into detection methods and strategic countermeasures. Please join in the comments for further discussion on anti-cheating methods and strategies.
