In the click injection, Click is injected where a malicious publisher(apps) on the phone notices that “ABC app” is being used by the customer, and fires a click in the background. In that case, as the user is browsing on “ABC app”, the click has been sent and order captured. Hence, the attributes are manipulated and payment is done to wrong media source instead of the actual (and deserving) source.
There are two levels of attribution:
Click to Install Attribution: If a user clicks on an ad, we need to track the validity of that click that led to the install or conversion. For example, in many performance campaigns, a 7-day or 14-day attribution is considered as standard attribution window. If a click has been performed within the set attribution window that means that click is valid for attribution and the publisher that fired the click will be attributed to the install.
Install to Event Attribution: The subsequent events after the install are tracked which can be add-to-cart, sale/purchase, booking etc. The attribution window can also be defined from install to the sale/purchase event etc. For example, in many performance campaigns from install to a sale event can vary from 24 hours to 30 days, depending on the advertiser’s marketing strategy.
Steps Fraudsters use in Click Injection:
1.Fradulant app installed in phone.
2. When a new app (Advertiser app) is installed, fraudulent app and other apps also get notification through installation broadcast. This broadcast is important to create a tight connection between different apps. The malicious app installed in the phone keeps performing its unsuspicious action until it listens to an Install Broadcast.
3. Fraudulent app pushes manipulated click. This click seems to be genuine as it has devices id and other records of targeted device.
4. Ads attribution services start tracing clicks in reverse chronological order and therefore determine Fraudulent app’s click as the last-touch click and will attribute this event to this fraudulent app.
5. In this process, both genuine publisher and advertiser suffer losses. Genuine publisher does not get their pay for their genuine effort and advertiser ends up paying to the wrong channels.
Many apps on the Play Store have been caught doing this. The case of Cheetah Mobile is classic in this, where all apps of CM (which were very popular and had millions of installs between them) would inject clicks to steal organic / inorganic installs from other sources. Further, users may unintentionally install the malicious app that performs non-suspicious operations, such as auto-change wallpapers, flashlight, cat-voicing, etc., and it would appear harmless to them. These malicious apps are usually available on unverified Android sources for free. Such apps have permission to inject a click to run another application and to listen to the ‘install broadcast’.
How to Prevent Click Injection
- Through Data Analysis: In order to detect click injection, mobile measurement partners need to track timestamps for when a user started an install (click-time) and when an install is finished on the device (conversion-time). With access to this information, we can prove the user’s intent to install came before the fraudulent claim. Those claims can, therefore, be detected before attribution, meaning that ad spend is safe from click injection fraud.
If we analysis the data pattern of a click injection, we can find that click to install time will always be less than normal. This generally works only to identify the more extreme and obvious cases of click injections. Users may take their own time in installing and opening the app, which means that even if click is injected, the time when the user opens the app can be outside the limit set.
- Use Google Play Store APIs (Only for Android) :
Google released Play Store Referral APIs which provide timestamps of the time of click and download of the app from the App Store. These are more accurate and effective in ensuring detection of click injections. Unfortunately it works only in Android and not for IOS.
- Machine Learning and Artifical Intelligence: These methods seek for accounts, customers, suppliers, etc. that behave ‘unusually’ in order to output suspicion scores, rules or visual anomalies, depending on the method. These methods can identify the frauds with very high degrees of accuracy.
- Be Transparent with publishers/affiliates: As an advertiser, demand better transparency from your publishers or affiliates. Request publishers to identify all third-party sources of traffic and if a publisher seems reluctant to identify his traffic sources, that is an indicator of possible malicious activity and something to look out for.
- Implement third-party fraud monitoring: As fraudulent practices continuously evolve; it is very difficult to identify all types of fraud and block them in real-time. Implementing a third-party detection system will allow you to identify and block fake activity.
Impact of Click Injection
Click Injection creates a negative loop where the advertiser continues to pay someone else for the users they would have already acquired organically (or at least through other marketing channels). It captures organic traffic, brands it without user’s knowledge and then claims the credit for it. It ruins the accuracy of a marketer’s data impact the accurate decision-making.
- Coupons Sites/Deal Sites: A user adds a product to cart but then figures if there are any coupons / cashback available and hence, clicks on the affiliate website later
- Re-targeting Sites: A user adds a product to cart but changes his mind and keeps on browsing some sites and sees the add and later decides to buy the product so the time to add to cart to click is more.
mFilterIt Role:With its machine learning-based algorithms, mFilterIt tracks characteristics of each device as per what it should be. The solution includes various situations and environment, to detect and protect from various type of frauds. We combine cutting-edge machine-learning technology, along with a dedicated team of data scientists, who endeavour day in and day out to help app advertisers in flushing frauds from their ecosystem, thus increasing their ROI.