Fraud Prevention in the Mobile App Industry


Mobile advertising is now seeing a lot of growth, especially in the past few years. As you can imagine, this does bring in quite a lot of revenue. But then again, this also seems to encourage Fraud as well. Many mobile attribution companies state that lots of money have been lost solely on advertising during the past 4 years and the issue is continually expanding and growing.

What type of fraud can we see in mobile advertising?

That depends on a variety of factors for the most part. In the case of CPM for example we have layered ads, hidden pixels and autoplay videos. Many of these are hidden things that the customer doesn’t really see or they don’t have control over. The advertiser still has to pay for these campaigns, and in the end they spend quite a lot of money on stuff that they might not be able to see again as a return.

For CPA things are a bit different. The type of fraud you will find here will mostly be automatic redirects and misleading advertisements. The idea is that these are designed to either not require any clicking or to make you click just to access fake buttons and stuff.

These are all unlawful advertisement techniques that should not be used.

As for the CPI Fraud, here you can find lots of different approaches. You first have bots and device emulators which are known for being very problematic. Then there are click farms, downloads that are made by real people with more than one device and they get paid for that. Of course, there’s also maliciously incentivized traffic too.

The reason why these fraud approaches appear is because mobile advertising is a lot easier to manipulate when compared to desktop. And they take advantage of that by bringing in unlawful campaigns like these which are not good at all. There are multiple issues to deal with here, and it’s crucial to learn how to deal with them as fast as possible and with good results.

How can you detect any changes created by CPI Fraud?

There are multiple ways you can try to figure out if you are encountering CPI Fraud or not. First, there’s a specific variation in the device type distribution. Also, you can try to check the click to install ratio as this will allow you to identify click flooding and hijacking, things that do tend to appear in situations like these.

Of course, you can also check the CR metrics. This is one of the first metrics that will let you know you are dealing with malicious traffic. There’s the intervals between actions, be it too short and too even, you might be dealing with CPI Fraud. The idea is that you need to know app averages and when you see that something goes up too fast without you doing anything via campaigns, it’s definitely a red flag. But if you have lots of traffic and apps, then you do need to automate the blocking and analytical process.

You do have CPI Fraud tools that are standalone and easy to use like Machine, Forensiq, MaxMind, and FraudScore which will help you.

At Creative Clicks, in addition to work with external anti-fraud tools like Machine, we have developed our own AI algorithm to combat fraud. Machine learning integration is a very good idea and you should check it out if possible. You do not want to upload data manually from other tools, machine learning will be a great assistant tool for this kind of stuff. The Mobile Acquisition Analytics tools tend to have anti-fraud, so that’s definitely something that you need to check out and keep in mind.

Here you will find a quick list of mobile attribution platforms which also include some of the most efficient anti-fraud tools.


Kochava is great because they have a fraud console to their toolkit. This console comes with 13 reports and they will flag all possible signs of fraud. As a mobile apps developer, you need to work with this kind of stuff and that will really help a lot. The reports include things like anonymous installs, ad stacking clicks, platform click and install mismatch, GEO click to install delta, mean time to install and time to install or high click volume IPs and devices. You really have to understand the situation and actively figure out what you need to do in order to move onward. Kochava will help you identify as well as eliminate all these unlawful attacks at a very professional level. They work great with this and the value as a whole is really nice.


What makes Adjust great is the fact that it’s very comprehensive. It does have not one, but two algorithms that will help you with CPI Fraud prevention. It will reject the detected fake installs, it has click spam analysis that checks CTIT and the number of clicks that you get from a single source too. And yes, it will also check IPs against VPN IP lists to ensure that there are no unlawful CPI Fraud attacks.


Protect360 is known for being a really CPI Fraud prevention app and you will like using it because it’s super comprehensive and reliable. That being said, you will notice that they have a very large list of IPs and devices that are targeted and fake installs are excluded from the analytics. Then you have conversions, multi-touch and CTIT checkup. Protect360 goes even further by validating installs for iOS and revenue transactions on both iOS and Android too. They will even block installs from malware based bots, be it server based or on the device. Everything is done in real time and you have a comprehensive report solution that will help you avoid all of that without any hassle.

Can machine learning algorithms be able to help you?

That usually depends, but most of the time machine learning is great to fight against CPI Fraud. What it does very well is that it allows you to fully identify traffic behavior changes a lot faster than you might imagine. You will also see that there are major changes in the distribution type, suddenly one type of device will have most of the installs and downloads. And that can obviously be CPI Fraud.

Then there’s machine learning designed to help you study the click to install ratio designed to detect any install hijacking or flooding. Unfortunately these things are rather prevalent and problematic, so tackling them at the right level is what you really need to focus on and it does tend to work really well. The CR metrics are important too. Machine learning will study them to see if there’s any part of malicious incentivized traffic, something that seems to be quite the problem at this time, but one that can be handled.

The main issue for a lot of app developers is that fraud prevention can be tricky if you have lots of installs and more than one app. Sure, if you focus on that app’s stats every day you will identify this without any tool. But more often than not you will be unable to identify any issue because the fraud is a lot harder than you might imagine to spot via all those legit installs. That’s why CPI Fraud tools tend to use machine learning because they study how the app statistics and analytics are. Then it will automatically figure out what signs of attacks are there and you will know as fast as possible. This kind of stuff is very important and that will surely bring in front quite an amazing result.

Should you analyze the behavior after installation?

This is actually one of the best ways to identify CPI Fraud. That’s because you will immediately notice any changes or none at all actually. All these little things are super important to understand and tackle at the right time. That being said, it does take a little bit of time to figure out how to handle and manage everything, but it will totally be worth it in the end. Plus, the higher you go in regards to the conversion funnel, the more challenge is for the attackers to fake human behavior.

Sure, they can fake the installation data, but if there’s no interaction with the app after downloading, then this is clearly CPI Fraud. Some people might not open the app at all for a while, true. But more often than not they will end up opening the app and interacting with it, be it out of curiosity only. So it does make a lot of sense to know how to manage these things and how you can handle all of that with great success.

Basically, whenever you see that a lot of traffic comes from the same source and there’s no real app activity from those users, that’s clearly CPI Fraud and you will need to flag it. That’s why one of the best ways to boost your revenue is to clearly focus on what customers do after they install the app. That will clearly cover everything and tell you what you want to know in regards to any fraud and other issues.

Which is the most problematic type of CPI Fraud?

As we talked above, there are a plethora of CPI Fraud types, and each one of them can bring in issues. But the main challenge for a lot of people comes in the form of smart server farms and install bots. Unfortunately, these are very common and they feel like real downloads, but they are coming from bots that will automate the installation. Some bots are actually able to reinstall the app even if it was already installed.

What you can do in this situation is to try and link the installation with an identifier for that device. If you have a device ID accessible, you will find it a lot better because you will identify CPI Fraud immediately. The problem is that hackers can try to create different IDs for the same device. And that might make this approach a bit obsolete. But it’s still worth a shot as not all hackers will go through the trouble of doing that to begin with. So it’s important to at least test it out if possible and then you can go from there. IPQ has a good device fingerprinting technology that you can use to identify any sign of device ID fraud. This might offer the help and assistance you need with this kind of attack.

How often can you deal with CPI Fraud?

The main problem that comes with CPI Fraud is that you rarely know when it’s coming or where it’s coming in from that matter. It’s important to understand the source before you encounter such an attack, as that can be a true challenge on its own. But with the right approach and a good focus on eliminating any issue, you will be more than fine here. Taking your time is a necessity because you want to find the true source of CPI Fraud.

Using the methods above makes a lot of sense because it works seamlessly and with help from CPI Fraud tools, you will be able to acquire better and faster results. Sure, you can try to identify the issue manually, but the reality is that this can take a lot of time.

With help from CPI Fraud prevention tools, you will find that machine learning can deliver amazing results and the ROI can be second to none all the time. It does bring in front a really good way for you to keep CPI Fraud away from your app. And while these issues tend to be more and more common, you will have the upper hand when it comes to dealing with such problems to begin with. That’s why using CPI Fraud tools is a necessity more than anything else, so try to consider that as soon as you can!

/* implement pixel */