Fraud was once the weak link of the performance marketing industry but has since become a major selling point. After all, why should advertisers be worried about fraud when they only pay when they get a confirmed sale or app install? It is a great sales pitch for networks, but is under threat by continuing app install, attribution and click fraud.

The problem is that bad actors have found hard-to-detect ways to game the system through mobile emulators, fake deviceIDs and other tricks.

Dr Augustine Fou, a well-known ad fraud investigator writes:

Bad guys are using mobile emulators like Genymotion to create millions of fake mobile devices in cloud data centers. Then they download and install the targeted apps – like the Amazon Shopping app – and get paid the cost per install. But is that the end of it? No, bad guys have more money to make. They change the deviceID of the fake device and download the app again and get paid the CPI again. And again. And again. Fraud detection SDKs installed in the app itself cannot tell this is fraud because it appears to be brand new device that hasn’t been seen before.


Did you know that there is an obscure permission in Android where apps can be notified when other apps are installed on the device? This permission is being exploited by rogue apps to perform attribution fraud and re-engagement fraud. When an installed app receives notification that a new app is installed it jumps into action and performs click spamming on the attribution URL to claim credit for the install of the other app, even though it was “organic” and did not involve any ads or any affiliate help.  We’ve seen “warring apps” stealing credit from each other for CPI campaigns. We’ve also seen what is called “organic stealing” — this means the app install occurred because the human wanted to install the app, not because he saw an ad for it; think Uber app or Amazon app. By repeatedly spamming the click attribution URL, the fraudsters can get paid the CPI bounty even for an “organic install” that happened independently of any ads or clicks.