Mobile ad publishers are generally confronted by reports of fraud app installs.
For example, when running an ad campaign for a new game app, the marketers are paid on a performance basis. The one who gets the user to install the app gets paid, of course, within the time framework of the campaign. Fake installs usually mean that the publishers of the apps will carry the cost.
Adjust just launched a solution to this widespread problem which only became worse last year. According to the company, such fraud is so rampant that it affects 80 percent of installs for any app campaign.
The practice has come to be called ‘replay attacks’ or more technically, ‘SDK spoofing.’ By Andreas Naumann’s words, one of Adjust’s Fraud Specialists, SDK spoofing is the latest fraud affecting app installations.
Before now, fraudsters would study the communication from new app installs and then copy it. After an app install, the SDK would grab some data from the user’s phone. In the process, it would pass a URL to the company verifying installs for advertisers. The URL would contain both dynamic and static data, specific to the user’s phone.
Naumann says that the fraudsters knew how to generate the data as if an actual install happened when it did not. They – the cheats- would send fake URLs from a hidden transmitting device and if this were not noticed, the publisher would pay for what looked like real installs.
‘Makes a fool of all of us’
The Ad Measurement Company has been working to detect this kind of fraud. However, the fraudsters have upped their game. Naumann says that fraudsters have begun creating fake URLs only they come from real devices, on real apps, both Android and iOS. They use computers to create the counterfeit communications and then transmit them through real apps. Typically, one phone sends just one communication from one app. As a result, there are many fake install messages because they rely on many apps.
According to Naumann, the phone owners do not know what is happening, so one wonders how fraudsters access the phone user’s apps. It could be that they rely on malware in those apps.
‘Anyone can guess where these apps originate,’ he said.
In 2017, the company rolled out a new and free solution to this kind of fraud. They are now releasing it formally and creating conversations around the topic.
Their solution has an algorithm that creates a unique number sequence that cannot be decoded and so is hard to emulate.
Every new installation generates a different hash signature. Naumann says that the concept relies on a ‘shared secret’ given by the advertisers and keyed into the SDK. The ‘shared secret’ makes it hard for fraudsters to generate the hash even though they can access the open source SDK. What’s more, the signature is used only once.
Naumann says that people are not talking about the new SDK spoofing because it ‘makes a fool of them all.’ He adds that other companies such as AppsFlyer and Kochava have released similar solutions and that unless industry players work against such fraud, it will only get worse.