17.05.2018   3093

Fraud In CPI Advertising: Types, Detection Techniques And Software

by Yu Vorobyova

Mobile advertising experienced a vast leap in growth in the past couple of years, meaning more $ involved and attracting even more malicious activities. During the 2015-2018, many analytical companies had made assumptions on what kind of money is lost to fraud, all of them were counted in billions of US dollars. It’s no surprise that everyone wants a bite of the resources stored in the industry.

Graphics and data by DataVisor

Let’s take a closer look at various types of fraud in mobile advertising, as it differs from one payment model to the other.


  • layered ads (a number of banners all hidden under a single one, impressions count for each of them, while user only sees one);
  • hidden pixels (an ad is shown as an invisible pixel within an app or mobile website, a user never sees it, but the impression is counted as a normal one)
  • autoplay videos (videos are played in the background and go unnoticed by the user, but the views are paid for by the advertiser).


  • automatic redirects (no clicking involved: the user just gets redirected by the fraudster to the advertisers’ app or website);
  • misleading advertisements (ads that look like system alerts or warnings, fake “x” buttons — everything to trick the user into clicking).


  • bots (automated installs are generated through proxy);
  • device emulators (installs by simulated devices that send signals which can be interpreted as genuine);
  • click farms (downloads that are made by real people with multiple devices, that get paid for these actions);
  • maliciously incentivized traffic (originally non-incent traffic made incentivized by publishers to show better results and collect more fee from advertisers).

* most of the fraud routes taken in CPI can be utilized for other models.

This time, we’ve decided to take a closer look at manual and automatic ways to fight fraud in CPI.

First of all, you can manually detect the traffic behavior changes, such as:

  • significant variations in the distribution of device types;
  • click:install ratio (CTIT) to detect install hijacking and click flooding;
  • CR metrics is the first indicator for maliciously incentivized traffic;
  • intervals between actions — if you notice that intervals are suspicious (too short, too even etc.), it’s fake.

All of these techniques can be used if you’re familiar enough with your own app averages, as well as what is common for your niche.

However, if you’re dealing with numerous apps and large amounts of traffic you might want to consider automatizing the analytical and blocking processes.

There are standalone tools, such as Forensiq, FraudShield, FraudScore, MaxMind etc. While choosing such a solution, take into consideration that machine learning is a must here. Also, look for tools that have various integration abilities, because you wouldn’t want to manually upload data from other analytical tools.

Some anti-fraud is included in Mobile Acquisition Analytics tools. These appear as more convenient as there is no need to integrate a separate solution, while they provide sufficient instruments to detect and fight fraud.

The most popular and efficient are:

Protect360 by Appsflyer:

  • includes a large list of IP and devices (DeviceRank), which are being tagged according to the trustworthiness, depending on previous activities.

Fake installs are automatically excluded from all other analytical processes in Appsflyer.


  • checks CTIT, conversions, and multi-touch;
  • validates installs (on iOS) and revenue transactions (iOS and Android) with The App Store/Google Play.
  • blocks installs from both server-based and on-device malware based bots in real time (by accessing Appsflyer’ active bot signature database).

*For the time being, only developers can access the full pack of Protect360 features.

Adjust features two anti-fraud algorithms:

  • checking all IPs against VPN IP-lists and marking all conversions with hidden IPs;
  • click spam analysis:
    • checks the number of clicks from the same source;
    • checks CTIT.
  • effectively rejects all detected fake installs.

Kochava added a fraud console to their toolkit with 13 reports that “flag all identifiable fraudulent tactics present in the ecosystem”, including:

  • high click volume IPs and devices;
  • Mean-Time-To-Install (MTTI) and Time-To-Install (TTI);
  • GEO click-to-install delta;
  • platform click/install mismatch;
  • ad stacking clicks;
  • anonymous installs.

Their Global Fraud Blacklist aggregates lists of fraudsters from across all Kochava traffic. When enabled, all entities on the list are automatically excluded from all analytical processes.


Obviously, the first step to fight fraud is to work with trusted direct partners. That, however, won’t guarantee you 100% fraud-free traffic. While we come up with smarter ways to detect and fight fake installs, offenders find new ways to trick the system. Plus, reaching a direct advertiser or a publisher is a challenge.

It’s by consolidating all the possible ways: identifying trustworthy partners, relying on automatic anti-fraud solutions and manually checking the traffic, that you can achieve best results in fighting fraud.


Subscribe to our news