Mobile bot detection – moving down the funnel

Mobile user acquisition fraud is a huge problem, and has only gotten worse in the past few years. Recent studies from mobile attribution companies AppsFlyer and Adjust have pegged the amount of damage caused to app marketers at approximately $4.9 billion for 2018, with bots and malicious automation now comprising the most significant portion of that loss (SDK spoofing, fake installs &  device farms are all forms of bots). The uptick of mobile ad-fraud has also given rise to a growing number of companies offering different solutions to this threat. But despite the growing adoptions of these tools, the problem continues to accelerate. So it seems that in order to solve mobile ad-fraud at a deeper level the industry requires a paradigm shift.


The current status quo


The current solutions – offered by both the attribution vendors as a premium package, and by specialized third party vendors, are focused on detecting fraud at the top of the funnel, on the supply side. Performing a big-data analysis on the traffic from various channels, these solutions will look at metrics like the distribution of IP addresses, device ages, battery levels and so forth. When a sub-publisher pops as an anomaly (e.g unrealistic CTR) they are able to detect and flag it, and in some cases block it in real time. There are a few main problems in this though that can be exploited by fraudsters –


  1. There are technical limitations around ad tracking, prohibiting the fraud detection vendors from collecting enough data from the publisher side. In web surfaces there are cross-domain iframes that prevent trackers from collecting many data points around browser integrity and behavior, while in mobile the ability to track these data points is virtually non-existent.
  2. It is extremely difficult to get a ground truth of how who are the real users, and so fraud detection systems have to focus on aggregate metrics per publisher/network/channel.
  3. Because they work by aggregating big data from every channel, most fraud detection systems will only be able to detect fraud after it happens which means buyers will have to negotiate refunds, which leads to a very problematic “he said she said” dynamic.


Moving down the funnel towards a zero trust mitigation


By moving the conversion event from the install event (or first open) to specific post install events like game tutorial completion or registration, and stopping the fraud there, app marketers can take the fight to their home court and solve it in a much deeper level. There are a few key advantages for this approach:


  1. On first party data there is access to all the sensor data, device metadata and behavioral features that are impossible to collect from the sell side.
  2. On first party data advertisers know who their real users are and how the interact with their apps. This allows for building very robust anomaly detection systems around these in-app flows.
  3. It is now possible to detect and block the bots and fraud before they reach the conversion point, eliminating the need for negotiations with the sell side over the legitimacy of traffic.


So by building models of how authentic users interact with a buyer’s app, at the sensor level data, and building anomaly detection systems around those data points, it is possible to build a very robust detection system.


Mobile app install fraud is a solvable problem. The key lies in building a barrier that is so hard to circumvent it reaches the point that fraudsters can no longer effectively make money as the cost of creating adversarial models outweighs the potential gains.

Leave a Comment

Your email address will not be published. Required fields are marked *