Practical Advice in Dealing with Mobile Ad Fraud

By Etienne de Guébriant | September 17, 2018

Etienne is currently Head of UA at Gazeus Games. Previously he was the UA Team Lead at Etermax. From professional Gamer in World of Warcraft to developing his own app, then moving to AdColony and finally working at Etermax – Etienne’s career has always been driven by his gaming passion.

Learn more from his Mobile Hero profile.


As we know, as the mobile industry keeps growing year by year, so too does mobile ad fraud. The battle against mobile fraud is something that will always be present, and as advertisers, publishers and networks, it’s up to all of us to fight it. For not only do we—mobile app marketers—take the hit, but the industry as a whole does too.

In the mobile user acquisition ecosystem, with such large budgets spent on paid user acquisition, fraud is inevitable. It’s hard to properly attribute the source of every single user we acquire. But if we can limit the impact of mobile fraud, it’s a must in order to be an effective UA expert.

These are my tips and tricks to deal with mobile ad fraud, from selecting new partners to analyzing user activity and making a proper diagnosis of what is fraudulent and what is not.

The Full Picture
Fraudulent activity always leaves a “footprint”, and this footprint is what we have to constantly keep an eye out for in order to see the full picture. The footprint allows us to trace mobile ad fraud straight back to the source.

Every interaction in the mobile ad environment is made up of 3 things: 1) the user, 2) the device, and 3) the action. To identify fraudulent activity, you will want to closely examine all three. Is it a real user or a fake one (bots and emulators)? Is it a real action or was it manipulated (malicious scripts)? Is it a real device (servers hacking the advertising attribution funnel)?

Choose Your Partners Wisely
To be effective in limiting the impact of mobile ad fraud, collaborating with ecosystem partners is key. But not all partners are fully prepared to deal with issues of fraud. So knowing what to look for in choosing your partners is key.

  • Let’s start with selecting and testing new partners. Questions you will want to ask yourself include, “who are the best companies in the industry that can help me lose as little budget as possible?” When choosing a demand-side platform, “what companies are known for delivering high-quality users from quality traffic sources that we otherwise wouldn’t have access to?”
  • Some other key questions you may want to ask of your current and potential partners:
  • How transparent are they? Transparency is key in order to see exactly where your offer is running.
  • Do they have a direct relationship with the publishers or are they rebrokering? Avoid getting your campaigns rebroked, it’s a really high risk, low reward situation.
  • How is their inventory segmentation and what ad units are they working with? This will allow you to see if their metrics match the standards of the industry per ad unit including banners, videos, and playables which all have different metrics.
  • What’s the percentage of iOS vs Android, in-app vs mobile web? This allows you to see if their inventory has premium publishers or it’s mainly composed of utility apps, etc.
  • How much time does it take for the partner to pause campaigns? If it isn’t immediate, ask why. A partner that cannot immediately pause a campaign is a clear indicator that they are likely rebrokering, which you want to avoid as they can be more prone to fraudulent activity. If they have a direct relationship with publishers, simply flipping a switch from on to off should be fast.

Talking with people in the industry about a partner you are evaluating is always a good idea, especially other publishers or clients. Plus, you will want to be upfront and clear with potential partners about your attribution rules, such as click-to-install-time (CTIT) and window of attribution so they know exactly what they’re dealing with. I would suggest going with the standards – flagging anything before 15 seconds CTIT as suspicious as well as flagging any install coming 1 day after the click.

Monitoring Campaign Performance for Signs of Fraud
Once your campaign is live, the fun part begins – monitoring performance and looking for signs of fraud. You want to make sure that you can compare and analyze all the metrics per network, publisher, geo, platform and ad unit. This will help you get granular with your data and more easily identify anything that looks atypical.

Compare installs, clicks, and impressions with the share breakdown of each. If you have an ad network that’s generating 90% of the clicks while only generating 1% of the installs, this is a red flag and should raise questions (everything points to click spamming). All metrics should be put under this type of analysis. For instance, take CTR – is the average CTR extremely high? Are they firing clicks over completed videos? Is it incent traffic? Look for abnormalities in your data and compare against industry benchmarks.

The Importance of Time-to-Install (TTI) in Identifying Fraud
Time-to-install (TTI) is one of the most important metrics in identifying fraudulent installs because it’s really hard to fake. Compare the TTI of networks to check for abnormal behavior. Run TTI analysis per pub and per channel using a histogram. I also recommend splitting installs into four TTI buckets: 0m-3m, 3m-1h, 1h-d, 1d+. You want to be able to calculate the amount of time between an impression and a click that was generated by the same user. Ad impression to click time anomalies will help guide you to uncover fraudulent partners.

In addition, checking the average clicks per unique device ID is also important. I look at all the device IDs and compare the average between networks, and then look for networks that are generating a high volume of clicks from a single device ID. Renewing the click attribution every week is a pretty common way of generating fraud. A simple formula is to take the total amount of clicks divided by the total amount of device IDs. There should not be any cases of the same device ID firing multiple clicks since it wouldn’t make any sense for someone who’s already seen the ad to click on it repeatedly.

Comparing Normal vs Abnormal Behavior in Your App
Another important aspect of dealing with fraud is making ratios of different user behaviors and comparing them by the source. A comparison I like to analyze is the behavior of organic traffic vs the behavior of my paid installs.

For example, I will take the average level completed per user in the first week of installing Trivia Crack and divide it by the average number of minutes played to get a ratio. I will then use the ratio to compare the performance of my UA partners. This gives me a more thorough understanding of my traffic sources and helps me identify partners that may be generating a high volume of fraudulent traffic. Any ratios that measure “normal behavior” amongst a specific cohort of users will help you identify partners that are driving real users, or not.

Limiting the impact of mobile ad fraud is no piece of cake. But with the right partners, access to your data and a little ingenuity, it’s doable. Break it all down by partner, geo, OS and publisher. Getting granular with your data is key to achieving success against fraud, so don’t hesitate in going deeper even though it often requires a lot of work. The effort is what makes the difference between being a good growth marketer and a great one.