Due to developing countries such as India, Brazil and China the worldwide mobile market continues to grow rapidly. According to industry research and stats, these countries will bring more than 400 million new users ,in the mobile scene during the following years.
Companies that intend to bring in revenue streams with an App, need to know that the most important component is — the user.
The more users an app engages, the more money can be made.
However, the user acquisition process has its pitfalls, where fraudsters can harm your traffic quality/ channels therefore your revenues.
ClickSpam is a known, but complex attribution problem in the performance marketing scene. In a few words: ClickSpam means that a fraudster uses an app (e.g. Flashlight App) to steal organic users and attribute an app install, to himself in order to receive a commission.
We want to showcase this complex fraud case step by step with an example:
Flashmo Mobile Fraud App
- User installed Flashmo App from the Appstore
- During the App Usage or even in the background Flashmo sends automatic clicks to the MMP / Advertiser for various offers
- Days later the user installs one of the popular apps. Because of the previous Clicks and the associated Device this conversion gets attributed to the Affiliate that owns the Flashmo App.
- The user creates activities and spends money in the App and KPIs look very good.
How to identify ClickSpam ?
When Click Spam occurs, analysing session time is a major factor to recognise it. Session Time describes the time between a click and the install.
You should notice that conversions are not coming in, within the first hour as normally expected. Instead conversions appear with randomly distributed Click to install times that span across the the whole or even multiple days
In the picture below, you can see the difference between fraudulent and good quality traffic inside of FraudShield.
Normal Session Time Distribution
ClickSpam Session Time Distribution
Server Side generated ClickSpam (update)
The difference from traditional Clickspam is that Clicks are not directly triggered from the Mobile Device. The Fraudster will instead send real Device Ids to a database and from there send server side generated Clicks to the MMP. This clicks including their Device ID get then stored on the MMP side and when the user installs the app – the conversion will be attributed to the Fraudster.
By running his own database of real Device IDs the Fraudster has two advantages:
- He is in full control when a click will happen and how often he wants to trigger a click from this device
- He does not need access to the device afterwards. He can even generate clicks under the Device ID of the user when the smartphone is turned off.
- He can decide to spread his fake clicks across as many apps as he wants.
What can be done against this new type of fraud ?
Sources with high amounts of VPN / Server side clicks shall be blocked before reaching the MMP / advertiser. This can be done automatically through Clickshield.