Due to developing countries such as India, Brazil and China the worldwide mobile market continues to grow rapidly. According to industry research and stats, these countries will bring more than 400 million new users ,in the mobile scene during the following years.
Companies that intend to bring in revenue streams with an App, need to know that the most important component is — the user.
The more users an app engages, the more money can be made.
However, the user acquisition process has its pitfalls, where fraudsters can harm your traffic quality/ channels therefore your revenues.
ClickSpam is a known, but complex attribution problem in the performance marketing scene. In a few words: ClickSpam means that a fraudster uses an app (e.g. Flashlight App) to steal organic users and attribute an app install, to himself in order to receive a commission.
We want to showcase this complex fraud case step by step with an example:
Example – Flashlight App “Flashmo”:
- Monica has a simple flashlight app installed on her device; Let’s call it Flashmo. (These type of apps are usually free and include small ad offers)
- As soon as Monica opens the Flashmo app on her phone, the fraudster sends an automatic click to the affiliate’s network link,
(promoting BatterySaverPro) using an Iframe or a Script, to open the App Store in the background.
- Monica does not notice anything of this, but later in the day she browses the App Store in the Utility Category.
Since BatterySaverPro has a very high ranking and many positive recommendations, she decides to install the App on her phone.
- Once Monica opens the app for the first time, the advertiser’s tracking system recognises, that there has been a previous click from Monica’s phone. The install is now attributed to the developer of Flashmo.
- The advertiser will pay a CPI Payout commission ranging from $1 – $10.
- Since Monica is a real user, she is also an active application user of BatterySaverPro. She might even spend money on upgrades or In-App purchases. This makes this type of fraud harder to detect. The retention metrics will show as they would show for an organic user.
- Once Monica opens the new app for the first time, (which can happen even after a while the download was completed), analytics and tracking platforms are informed to reference advertising clicks.
- The click appears to be real and matches Monica’s Unique Device ID perfectly.
The example above shows why ClickSpam is hard to detect and why it requires detailed investigation.
It can be very tedious and error prone if someone is doing this manually.
How you can identify fraudulent patterns inside your traffic:
When Click Spam occurs, analysing session time is a major factor to recognise it. Session Time describes the time between a click and the install.
You should notice that conversions are not coming in, within the first hour as normally expected. Instead conversions appear with randomly distributed Click to install times that span across the the whole or even multiple days
In the picture below, you can see the difference between fraudulent and good quality traffic inside of FraudShield.