This is the first in a series of deep dives from AdExchanger on mobile fraud and mobile data quality, including guides to fraud tactics and threat vectors and practical solutions from advertisers in the growth and user acquisition trenches. Read the second story (“Mobile Data Has A Quality Control Problem“) and the third (“Anatomy Of Mobile Ad Fraud: Web Vs. App“).
Ad dollars are flowing to mobile and fraudsters have noticed.
App-install fraud alone is estimated to have cost mobile marketers around $2 billion last year, and while it’s difficult to pin down exactly how much mobile ad fraud is happening across the entire ecosystem, upward of 40% of mobile app inventory is fraudulent (Marketing Science), and nearly a quarter of mobile ad networks have fraud levels over 20% (Tune).
As a result, some of the more sophisticated advertisers are scrutinizing their partners, and they don’t like what they see. Expect more lawsuits a la Uber, Fetch and Phunware as the year progresses.
But while lawsuits make good headlines, they won’t fix the root issue: The mobile performance industry is highly vulnerable to fraud and the only way to effect change is for everyone to get wise.
Misaligned Incentives
Although the tactics that fraudsters employ can be complex, the basic mechanics of ad fraud are simple, regardless of the environment.
Fraud is linked to the payout. If an advertiser pays on CPM, the fraudster spoofs impressions. If an advertiser pays out on cost per install, the fraudster creates a fake install or steals credit for a real one.
App advertisers have historically pursued growth at all costs. User acquisition managers are encouraged to get the largest possible amount of new users at the lowest possible price, and although most apps will say they prize lifetime user value and downstream actions over sheer volume, the industry is still addicted to download counts as a measure of success.
In turn, ad networks constantly seek new sources of supply to meet that demand, and sometimes they’re less than diligent in vetting their sub-publishers.
“These perverse incentives are built right into the marketplace,” said ad fraud researcher Augustine Fou, whose indie consultancy, Marketing Science, advises brands on digital marketing tactics and fraud reduction.
Traditional enterprise brands aren’t helping the problem, either. Many aren’t adept at mobile programmatic and get hoodwinked into buying crappy inventory and low-quality mobile audiences.
Brands are starting to realize they’ve got a problem, though. A recent AppsFlyer report found that 39% of advertisers and agencies admit they don’t know enough about mobile ad buying.
“But they aren’t tackling the problem in any sort of systematic way,” said Forrester senior analyst Susan Bidel. “They aren’t looking at who the suppliers are or thinking as much about which partners they need to work with to get better control over their mobile activities.”
And all of that that makes it easy to stick with the status quo.
“It drives me crazy when buyers don’t ask questions and don’t troubleshoot,” said Belinda Smith, global director of media activation at Electronic Arts.
Getting Smart
But some advertisers make it their business to ask questions, and others should take a page from their playbook.
Hardcore performance advertisers such as game developers, especially the free-to-play guys, are among the savviest when it comes to digging into the numbers, said Saikala Sultanova, director of user acquisition at Ubisoft.
“We’ve got to be meticulous,” she said.
Although Ubisoft pays for the majority of its campaigns on a CPI basis, Sultanova and her team know exactly how to calculate the value of a newly acquired user by looking at in-app events, such as completed tutorials, in-app purchases or first-time purchases, and tying them to ROI.
Ubisoft and its attribution partner AppsFlyer look for red flags in the reporting, like too many installs coming from the same IP address or super-short download speeds.
Fraud can manifest itself differently depending on the app, Sultanova said, which makes it vitally important for advertisers to know their numbers.
“There is no one-size-fits-all solution out there to fix this, no switch you can flick to delete all of the fraud,” she said. “You need to know things like how long it normally takes for your game to report an install, you need to know how many clicks it usually takes for a download.”
Measurement Headache
Desktop fraud measurement tactics, like cookies and JavaScript, are useless in apps, where most of the fraud isn’t necessarily perpetrated by bots.
Measurement is also becoming increasingly hamstrung on the mobile web with initiatives like Apple’s Intelligent Tracking Prevention for iOS 11 that limits visibility into around 30% of mobile browsing in the US and makes it difficult for marketers to know if their campaigns are fulfilling their KPIs.
But app-install fraud is particularly tricky to measure because finding it is an “inexact science,” said Dan Koch, CTO of mobile measurement provider Tune. The best way to detect it is through pattern recognition and hunting for actions and events that may not always represent fraud in specific cases but are dubious when viewed in the aggregate.
Fraudsters are adept at sneaking into these cracks.
For example, it’s possible but not probable that someone will suddenly decide to download an app six days or a week after clicking on an ad. What’s more likely happening is a case of click injection, in which a bad actor swoops in to take credit for an organic install at the last moment.
The buying metrics that advertisers use for their install campaigns add to the murkiness. When advertisers run campaigns on a CPI basis, they’re basically broadcasting to the fraudsters exactly what they need to do to get paid.
“Click spam works even better on CPI than cost per click because most people don’t even know they’re being defrauded,” said Andreas Naumann, a fraud specialist at app attribution vendor Adjust.
Some more discerning advertisers are starting to pay out on cost per action, like download plus first open. But even that won’t help, Naumann said. The fraudsters will just spoof the first open.
So what are advertisers supposed to do? Analyze KPIs all along the user funnel, look for anomalies, keep tracking downstream metrics and stay vigilant.
“It’s an unpopular answer, but the silver bullet doesn’t exist to fix this problem,” Naumann said. “The real fix is to realize that you need to pay attention to what’s happening from the first impression all the way through to the hundreds of events that happen after the install. There’s just no substitute for that.”