• by Laurie Sullivan  @lauriesullivan, August 27, 2019

Digital app install fraud, for which companies falsely get charged, has become increasingly common.

Cleartrip, an online travel company, experiences fake app installs all the time. “Literally, a few seconds ago,” said Ronak Jain, mobile and growth marketer at Cleartrip, when asked about the last time the company experienced app install fraud. “Fraud is a challenge in our industry and every day we see a new type.”

There are multiple ways that hackers commit fraud such as injection, pushing malware in the app, and faking app installs on devices. “They take the claim for the attribution,” Jain said.

Digital ad fraud for mobile and in-app advertising will cost advertisers up to $42 billion this year, and a total loss from fraud will reach about $100 billion by 2023, according to Juniper Research. 

Developers pay the ad networks each time someone downloads and installs their app via an ad, forcing companies like Singular to step up and invest more in their technology to detect when the app doesn’t actually get installed. It also detects if the install is faked on a virtual device.

“We are much more evolved in terms of [putting in the] safeguard from fraud,” Jain said. “We generally pay on the purchase event CR on the Install. If it was a pure install game, it would harm us in a big way.” 

Still, finding fraud on Android devices remains challenging. Existing solutions rely on probabilistic “tests” designed to determine with some level of certainty whether a particular install is fraudulent. Some of those tests include analyzing the time between when someone clicks on an ad to the time they open the app.

Tests can blacklist public IPs or proxies, fingerprint the CPU to determine whether it is a simulator, check for sensors, and more.

While these are all good methods, according to Singular, they are not good enough to prevent highly motivated fraudsters from running large-scale, profitable app-install fraud campaigns.

Singular uses all of those tactics, but it also developed a deterministic method to prevent Android fraud at the time the app gets installed on the device.

Every legitimate Android app install will trigger a set of server communications to the provider, such as Google Play. Then it stores the responses from associated communications on the device. Having the ability to surface and parse these files, along with activity time-stamping and other information about the device, enables Singular to make a deterministic call on the legitimacy of the install. 

Last week Singular released what it calls a deterministic Android Install Validation tool in an updated prevention suite that features iOS install validation and hyper engagement, which is used mostly when fraudsters flood ad networks with fake clicks to gain credit for an app install or a conversion.