Earlier in our in-app fraud series, we discussed SDK spoofing. Today, we’re going to review two additional types of in-app fraud — click flooding and click injection.
For app developers looking to increase their install rates in the most cost-efficient manner, cost-per-install (CPI) campaigns seem like a great way to maximize marketing budgets. CPI campaigns allow developers to pay for ad impressions only when a user actually installs their mobile application. However, bad actors in the ad industry are taking advantage of these types of campaigns and taking credit for organic app installations they had nothing to do with.
What is click flooding?
Click flooding, also known as click spamming, is a type of fraud that occurs when bad actors report a large number of fraudulent clicks in hopes of taking credit for organic app installations. Not only does click flooding cost the advertiser valuable marketing dollars for an organic app installation but it can also affect the advertiser’s ability to evaluate the effectiveness of their marketing campaigns.
How to detect click flooding
The first metric a marketer should check to detect click flooding is the click-to-install rate. Look for red flags such as low click-to-install rates or exceedingly high numbers of clicks for each install. Be sure to check trends over time and compare to be sure. According to AppsFlyer, sustained install volume over a long period of time can also be a red flag that click flooding is occurring.
What is click injection?
Click injection takes place when bad actors use Android’s system broadcasts to detect when an app is being downloaded on a device. The bad actor then injects a fraudulent click right after the installation takes place so they receive credit for an organic installation. This sophisticated form of click spam is particularly insidious because the user’s device is hijacked to net a CPI payment for the fraudster.
How to detect click injection
The easiest way to detect click injection is by comparing the timing of a reported click with the first launch of the app. Many times when click injection is taking place, the timing of these events will be very close. The theory is that it’s nearly impossible to download a large app and open it in such a short period of time. In cases where the timing seems too close together, fraud should be investigated.
For more information on in-app fraud, check out the other posts in our series:
This article was written by Courtney Touchstone, product marketing manager at SpotX