Ad fraud

How sure are you about the quality of your mobile ad traffic source? With the rising cases of mobile ad fraud, it’s important to monitor a few key points that can help advertisers or marketers save their marketing spends from going in the wrong direction.

Here are some quick pointers to help you with that!

1) Installs from the same IP address, network type & device model

While running a mobile ad campaign, suppose you start getting multiple app installs from the same IP address, network type and device model,  it could imply a case of fraud traffic. Whenever you notice such a peculiar trend in the course of your campaigns, you should immediately evaluate the traffic sources responsible for it. Chances are that they’re giving you fake traffic and burning a hole in your pocket.

However, it must be noted that this is not a hard and fast rule. There are few exceptions here. Say for example, four users share a common wifi network to download and install the Zomato App. Even though these are genuine app installs, there are chances of them getting attributed as fraudulent app installs.

2) Replicating installs with single click

Another common case of mobile ad fraud is install fraud. This happens when fraudsters or hackers simulate downloads of apps to make it appear like real installs by genuine new users. Sometimes, hackers or fraudulent traffic sources can get hold of the install postback URL and replicate installs, which cost marketers big dollars.

For example, fraud traffic could show you 10 installs of a particular app for a single click install. So, you’re actually getting one valid app download and the other 9 are fake.

The easiest way to track this kind of fraudulent activities is to check the Click ID of the installs. If you notice that all the installs are coming from the same Click ID, it’s a case of fraud.

3) Ad fraud using fake unique device identifiers

Cyber criminals have also found a way to commit mobile ad fraud by generating fake unique device IDs. Every device has a unique device ID. For iOS it’s called the IDFA and in the case of Android, there are unique Android IDs for each device. In some cases, hackers indulge in mobile ad fraud by using manipulative tools to create fake unique identifiers. However, most SDKs are equipped with advanced algorithms that allow only unique IDs to pass through their detectors.

4) Odd timing of Installs

Suppose you’re experience a high rate of installs (above 20%) from a traffic source only during night or late hours of the day, it could also hint towards some suspicious activity. The most apparent cause for this could be that your traffic source is not acquiring users from your targeted geographies and you’re still getting charged anyway. So, it’s important to monitor the timezone differences (be it Asian or American time zones) of the countries you’re targeting for your campaign.

Of course, you can ignore this possibility if your targeted geographies have a different timezone, in which case, it could be a valid app install.

5) Poor retention from a traffic source.

You can also make use of Retention Cohorts to identify cases of fraud installs. If you notice that the retention rate from a particular traffic source is really poor or quickly fluctuating from a higher limit to lower limit, it’s time for you to monitor your traffic source. Other factors that can be looked at are low app usage frequency, no purchases by users acquired from a particular traffic source and other in-app activities of users. Monitoring such activities can also help in pinpointing bogus sources.


Need some help with detecting mobile ad fraud? Learn about the advanced detectors and algorithms of mTraction’s Fraud Analytics feature  that helps advertisers in putting a stop to fraudulent activities.

To learn more about mTraction, just drop me a line at

About The Author

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>