Fake clicks have a new look and new name — click injection — and they only occur on mobile devices running Google's Android operating system, according to findings released Thursday.
Click-injection fraud — which can appear as "legitimate advertising interactions to marketing analytics systems" — is forecast to become one major form of mobile marketing fraud in 2017, according to Andreas Naumann, fraud specialist at Adjust.
This type of fraud usually occurs when someone installs a free app on their phone, like a game of solitaire, only on a device running Android because it occurs during the broadcasts — a feature of Android OS, which is presently not mirrored on iOS. It can affect any advertising campaign targeted at driving mobile installs priced on a CPI basis.
Status broadcasts are sent when apps are downloaded, installed, or uninstalled. This creates a tight connection between different apps by allowing apps to do things such as making it easier for users to log in with a deep link.
Naumann describes in a blog post how he first identified this type of fraud. He explains that while patterns are visible in the average time it takes between the moment a user clicks on an ad and when a user installs the app, if marketers look at the length of time between clicks and installs, they can identify affected campaigns.
"In mobile analytics, we usually say 'install' to refer to the first open," he wrote. "Measurement SDKs can’t measure installs any sooner than this because the SDK code can’t run until the app is opened for the first time."
The person committing the fraud injects the click once the app has been downloaded. The hijacked device will open the app normally, but the click will appear to have been made within a much shorter period of time between the click and the installation of the app.
He explains that the lag time differs for every user and for every app, and says regular click-to-install times are usually distributed, but there's an app average determined by the size and type of the app.
"If you’re running a lot of CPI campaigns on multiple different ad networks, especially in higher-CPI markets like the U.S., you have a higher risk of exposure," Naumann wrote.
This column was previously published in the Search Blog on January 19, 2017.