How to Fight Against Mobile Ad Fraud – Experts Advice & Tactics! Right From Detection to Overcoming it!

Carmen Lumina, Managing Director, BitterStrawberry

Carmen Lumina-BitterStrawberry

Bot traffic has surpassed human traffic this year. But not all bot traffic is bad; the good bots are usually monitoring bots, commercial crawlers, search engine bots and feed fetchers. We like these guys and we all use their services one way or another. The traffic coming from impersonators, scrapers, spammers and hacker tools, should be the one that concerns you. Some of the worst targets popular keywords with high CPCs. Publisher scammers use bots to direct qualifying traffic to affiliate sites. Then cookies track the traffic and siphon away commission from the true publishers, if purchases are made.

Most anti-fraud systems rely on application logs as the main source of information. Logs only record certain transactions performed by the user, but they do not capture the full user behaviour, which is essential for effective detection and prevention.

It’s the little things that make a BIG difference in being effective. And because we pay attention to all these details, has a proven record of immediate effective results.

Besides the solid partnerships with major mobile carriers and big traffic sources, another unique feature that our platform has to offer is the technology behind it. At the core of our offer distribution system is a mobile device-level fraud prevention technology, in-house developed, that is analyzing affiliate behaviour and patterns, by mirroring and filtering in real time, without any delay in traffic redirect.

This unique tool gives us a better understanding and insights on the mobile traffic, such as country, carrier, connection type, device, operating system, browser and time, but also other info that help us understand affiliate fraud profile, such as IP pattern, session time, proxy/VPN, duplicate users, incentivized traffic, duplicate IP, user agents, cookie dropping and fingerprints.

Our system can filter and drill down to each individual conversion and our dedicated performance team analyses the data 24/7. If there are any suspicious increases on certain traffic targets or suspicious sources, we send that traffic to different pre-landers that verify the fingerprint and the pattern.

Years of research and testing have shown that mobile fraud can reach up to 40% of all traffic. Our machine learning system and repeated testing can take that number down to a mere 2-3%, while delivering the best results on the market!

In all these years of experience, we’ve learned that bots and general traffic fraud is not a battle, but a long and ever-evolving war. Knowing the enemy is the most important thing. At, we’ve had time to watch every fraud trend come and go. But we did use our experience to trap them, trick them and avoid them altogether.

We’re a bitter seed for fraudsters and a tasty and wealthy strawberry for our clients. And we’re user friendly and fun, too. Whether you want to join our happy client portfolio or our crazy smart team, just drop us a line or a call!

Venkatesh CR, CEO, Dot Com Infoway


Mobile ad fraud is a matter of global concern that needs to be battled by the app world as one. Draining money from the pockets of app marketers into the growing pockets of fraudsters, fraud installs in mobile apps are on the rise and, often, mobile app marketers find themselves lacking in expertise to identify these frauds or prevent them until they have incurred significant losses.

Some examples of Fraudulent Installs

>> Install Farms – Similar to their fraudulent cousins – click farms, install farms hire large number of people to commit fraud by installing and uninstalling apps manually.

>> Emulators – Mobile device emulators can be single-handedly used to commit install fraud by simulating several mobile devices with just a single emulator. Now each simulated device can be used to install apps and will appear as a distinct device in your traffic.

>> Malicious Apps – Malicious apps pose a threat to user privacy and may be used to download user data without their permission. These apps pretend to be known apps and the users end up installing them, thinking of them as legitimate apps.

Ways to overcome fraud installs

>> Detecting fraud is the first step towards fighting it. It has been shown that fraudulent activity is higher in areas with high advertising spend such as USA, UK and Australia.

>> Keep an eye out for patterns. Too many installs from a single IP address or from the same device or unusually high uninstall rates and low conversion rates are all indicators of fraudulent activity in your account.

>> The second step is to prepare your fight plan against ad fraud. Do you have an ad fraud prevention policy in place? Have an expert research and design methodologies to be employed in case you find yourself a victim of ad fraud. It is also important to share information about any frauds so that the entire industry in forewarned.

>> When choosing your marketing partners, it is of utmost importance to only partner with reliable companies with strong ad fraud prevention ethics. Many companies even compensate their clients who are victims of ad fraud.

Nicolas Top, Controlling Supervisor, Mobidea

Nicolas Top-Mobidea

Affiliate Fraud is probably the most fearsome thing any respectable affiliate marketer can hear.

This is a non-compliance to the rules and this means fraud may not be exclusively concerned with traffic but also with the strategies used to draw traffic, the banners or pre-landers used, and even the documents affiliates upload on affiliate platforms.

The most popular fraudulent method is the creation of fake leads. These are affiliates who manage to create software which can mimic human behavior, generating a number of fake conversions on specific offers.

The term proxy sale is also familiar to many fraudulent affiliates. This basically means the affiliate has used a VPN to make it seem that they’re sending traffic from a country that pays more per conversion. The affiliate doesn’t promote the link: they simply try to deceive the affiliate program, making the Control Team believe the conversions are real.

You can learn more about Affiliate Fraud by reading this post!

It’s clear that fraud is a huge deal, with dark ramifications all over the affiliate marketing world.

The fight against mobile fraud is not only important – it is a clear priority for us here at Mobidea.

Moreover, since advertisers always want quality traffic, the Mobidea employees who dedicate themselves to this issue must be on high alert, coming up with new ways to catch and deal with fraudulent traffic.

In fact, we have an array of methods we use to prevent affiliate fraud:

  1. We analyze the traffic driven to Mobidea on a daily basis
  2. We check for abnormal ratios
  3. We use an internally developed tool to check the specificities of IPs and behaviors

These methods ensure that Mobidea now has the ability to prevent fraud like never before.

The proof?

We’ve deactivated more than 1975 accounts in 2016 alone.

The company focuses on how affiliates monetize. The Controlling Team goes into detail, analyzing every single affiliate, and how each user is currently leading to a particular advertiser’s landing page.

In fact, many affiliates don’t seem to understand that something as simple as creating a misleading banner is regarded as a fraudulent act.

If you’re not sure about the difference between misleading and non-misleading banners you should definitely check this post!

Our goal?

To continue dedicating a lot of effort and many resources to keep on fighting fraud,guaranteeing the best possible traffic for our advertisers every single day.

Valentine Bondarchuk, Chief Revenue Officer, Clickky

Valentine Bondarchuk-Clickky

The problem of the significant amount of mobile fraud and scammers’ ability to pass over security measures can be one of the reasons CPI ad campaigns are no longer in value. Last year we had to invest hard into our in-house anti-fraud solutions, as well as to partner with anti-fraud systems to ensure the traffic quality checks on every stage of UA. It is obvious that CPM advertising is even more vulnerable. Today, as we’ve been working way more in the Programmatic field in 2017, we understand all the risks and embrace the bigger responsibility before our advertisers and publishers by using anti-fraud solutions as well as in-house solutions developed with the help of our BI team to keep eye on anomalies and detect them ASAP.

Peter Majere, Fraud Analyst and Success Manager,

Peter Majere-Personaly

Fraud. It’s one of the top 5 words uttered by anyone in the mobile advertising industry, serving to show how widespread the phenomenon is. As I type, billions of clicks are generated every day without real, live, genuine users behind them, hoping to get through the defenses and walls of developers who try to protect themselves from this plague.

The figures range between $7.2 billion, according to AdvertisingAge, and $16.4 billion, according to CNBC, which are paid for fraud by advertisers every year. This is a real disease, making some advertisers think twice before entering the mobile advertising market, and the good news are – there’s a cure.

Let me introduce ourselves: is the agency for many of the world’s top developers and brands, providing them with several solutions in the realm of monetization and user acquisition. We are the pioneer company in the industry for Playable Ads, a mini game ad that loads on the user’s screen and allows him to actively experience the app before installing it. For games, the users are actually playing a part of the game, giving them a sense of what they’ll be downloading. However, Playable Ads are a great way to introduce not only gaming apps but other types of apps as well.

After gathering, studying and analyzing data of over 30 billion clicks, we here in have found several patterns that allow us to judge whether traffic is fraud or not. Most companies rely on web-based tools, whose detection range is limited to checking IPs, hoping to find old-school proxies which already evolved to bypass those protections. In the end, they either miss a lot of the other types of fraud, or set the detection bar too high, thus, blocking a lot of valid traffic. Based on our experience in fighting fraud, I will share some tips about how we detect fraud by having access to the device’s client side data, for example: brand, model, OS version, ISP, time zone, screen resolution, language and more.

Fraud isn’t elusive when you know where to look:

  • Any mismatch in the time zone or the language from the targeted location is alarming. Get too many of those and red flags are raised high.
  • Devices have specific screen resolutions. Comparing the data we have with the manufacturer’s specs allows to find mismatches that are judged as fraud.
  • Too much traffic from a certain ISP (internet service provider) along with similar device OS versions or models are strong signs that you’re dealing with bot traffic.
  • Time intervals play an important role as well. If the time between when the ad was clicked on to the time the app opened on the device is too short, that’s foul play. No internet is fast enough to download a 1.5GB game, install it and open it in 5 seconds.

Now we recognize the symptoms and know how to cure them, but that’s all done retroactively. How can we prevent the disease? Luckily, there’s also a vaccine. Automating the process of fraud detection is the future of the industry and the present in We have implemented our knowledge and expertise into tools that allow us to detect the device before it reaches the store and provides our system with 25 data points with which to decide whether the user is real or not. After launching our fraud-prevention system, many clicks have been caught and stopped before they could make a fraud installation. Further investigations proved that any caught click was indeed fraud, and by more than one parameter. As fraud progresses and develops, we evolve to find more patterns and wider aspects in order to provide a fraud-free experience.

Vlad Troy, Senior Account Manager, AdsMain

Vlad Troy-AdsMain

I’m in affiliate marketing since 2008. Started as a publisher I run through all types of verticals. In 2010 opened own network AdsMain. Till now continue to develop AdsMain in desktop and mobile advertising segment.

About mobile traffic fraud, I can tell a lot, but main points are:

1) Give offer links ONLY to your trusted sources

2) Co-operate closely with advertiser to monitor post install events and activity

Following these 2 rules will remove 90-98% of fraud. At least after quality feedback from advertiser you will know for sure.

Few more % can add by doing these:

3) Using good anti-fraud system that will automatically monitor user IPs, devices, agents and in-app activity time.

4) Make affiliate approval flow much tougher in order to sort out real good guys from them

5) Manual traffic monitoring and scanning for unusual staff that can’t be detected by anti-fraud soft.

6) Have longer pay terms in order to get more time to verify quality (usually have negative effect of total performance)


Tanya Dhir, Senior Business Development Manager, Tappx


More than a decade ago, Google’s CFO quoted fraud the “biggest threat” to ad economy and little has changed since then. As we advance into the mobile-centric digital marketing, the ecosystem is getting increasingly susceptible to ad fraud. According to a global report by Clicksmob in Feb’17, mobile games were the most targeted genre for fraud on its platform. Simple demand-supply phenomenon explains partially the rise in fraudulent activities in mobile space. Very few years ago, lower CPMs had kept the fraud away from mobile advertising. However, now as ad spend doubles down on mobile, demand has grown and rates have spiked. This, in turn, has made the business more exposed.

Mobile Ad Fraud-Tappx

Essentially, ad fraud occurs when ad impressions or clicks are triggered by a robot. The “forest-fire” impact of fraud points to the fact that prevention is a shared responsibility. It is everyone’s responsibility to have domestic measures in place to mitigate the risk of ad fraud.

Focusing on fraud detection and filtration tech indeed holds an important place. However, as a basic step, all the parties (publishers, advertisers or agencies) should ensure that their current or prospective partners follow and adhere to the right kind of policies to combat fraudulent practices. It is great for advertisers to ask agencies about their plan of action to make sure that their budgets are securely utilized. Agencies should ensure that source of traffic is not random and cheap. Publishers can make world of difference by avoiding buying un-qualified traffic (may be by mandating certain parameters at source).

According to the latest Bot Baseline Report, sourcing traffic from inorganic or cheap sources is still the major risk for fraud. The report said 3.6 times as much ad fraud came from sourced than non-sourced traffic. But the good news is that this report suggests that the Economic losses due to bot fraud are projected to amount to $6.5 billion globally in 2017, down about 10% from the $7.2 billion estimated for 2016. This is definitely a silver lining and a powerful sign that the crusade against bot fraud can still be won.

Fraud prevention, being one of the founding stones at Tappx, we have kept it simple and effective. We believe in carrying out timely audits of the data recorded and referring it to the unique user persona we have gathered during the course of our operation and look up to DMPs for validation. With 0-tolerence to fraud, we do not hesitate to raise fishy activities to our partners and work around to get rid of such inventory immediately.

Galina Moiseenkova, Head of Advertiser Management, Stroeer Mobile Performance

Galina Moiseenkova-StroeerMobilePerformance

As soon as mobile marketing became one of the largest and most fast-paced industries, we started hearing about more and more breaches with regards to compliance. The sad truth is that there is no 100% fraud-free service nowadays, and every day brings new fractures. So it’s becoming crucial, for both product owners and service providers, to be aware of that, and to be ready to proactively “detect, prevent and protect”.

We can talk about types of fraud and potential ways of fighting each of them for hours, and it’s still not be fully covered. There is always simplicity in complex situations, therefore I would like to focus on several simple rules in relation to any non-compliant traffic that can be easily followed.

  1. If it’s too good to be true – most probably it’s not true.

It explains itself: if there is suddenly a significant increase in delivery and the quality of the users looks great, we definitely take a closer look and dig deeper into this traffic. We could be potentially talking about organic users attribution here, or any type of “smart” bots, etc.

Needless to say, that if performance looks bad in general (low click-to-install CR, low user engagement, high uninstall rate, etc.) – this should be taken care of asap. It might not necessarily be fraud but just low quality or non-targeted traffic, however no one wants to pay for that either.

  1. Sharing is caring.

Easy as it sounds: as an app developer – test and work together with your traffic partners, help them understand your expectations, ask them which parameters they are analyzing and tools they are using to detect unwanted traffic, share as much real-time data as possible (for optimization). As a service provider – disclose as much information as you can regarding your traffic sources, double-check and hand-pick publishers before testing them, monitor performance on daily basis within your BI, MMP and/ or any specialized fraud-prevention tools. Both sides should be ready to give heads up to each other in case any suspicious activity is detected, in order to use it further and not fall in the same trap.

  1. Forewarned is forearmed.

Knowing the latest market trends, following the news, staying updated and alerted, talking to your business partners – all this helps avoiding unpleasant situations.

Leave a Reply

Your email address will not be published. Required fields are marked *

twelve − 3 =