Obliterating click injection fraud on Android

It’s estimated that in 2017, mobile advertising will account for $139 billion of all paid media advertising worldwide, with an estimated $7.5 billion spent by marketers in the United States on mobile app install advertising. Experts estimate that anywhere between $7.2 billion and $16 billion is lost annually to ad fraud, and ends up in the hands of bad actors who steal credit for installs and ad clicks. Just one type of fraud, click injection, accounts for an estimated 30 to 40 percent of all mobile app install fraud.

Simply stated, click injection fraud is the process by which a non-human actor, such as a bot or malware installed on a mobile device, attempts to steal attribution credit and advertising dollars for a genuine app install. This happens when scripts or bots inject fake ad clicks between the time a person downloads and first opens an app.

Those familiar with click injection fraud know that it has been an acute challenge for publishers who market Android apps. This is because the Android platform allows already-installed apps to detect when new apps are downloaded, a capability bad actors have exploited to inject clicks in the window between download and initial open.

Putting an end to click injection fraud

With the release of the new Play Install Referrer API, TUNE is leveraging Google’s Download Timestamp data to deterministically identify click injection fraud. This data provides the exact time a user clicked the “download” button on an app found within the Google Play store. This means we will know with certainty when click injection fraud occurs, allowing TUNE to act with certainty to completely stamp it out.

What changed? Google has made available to TUNE the new Play Install Referrer API, which supplies us with the discrete download timestamp for applications in the Google Play store. TUNE’s updated Android SDK receives this data on the first open by the user. By pairing Google click data with TUNE behavioral data, we can determine the time between the download beginning in Google Play and the install time captured by TUNE’s SDK, as well as any activity — such as ad clicks — that occur between those two timestamps.

This insight is key to detecting and eliminating click injection fraud. Fraudulent clicks that could steal credit for an install will now be identified as manufactured clicks, as we can definitively determine that they occurred after an app download began. TUNE is one of the mobile measurement solution providers to use this data, and we have integrated it directly into the TUNE Marketing Console.

From download to install with TUNE Marketing Console

Armed with this information, TUNE will automatically reject clicks that occur in between the download and the install (since those are clicks that were injected to steal credit for the download). Of course, TUNE will still look for pre-download attributable clicks to determine install attribution. Marketers who use TUNE to measure app installs on Google Play have a new tool capable of identifying and ultimately ending fraudulent click injection without impacting real customer installs.

This use case is an example of how global technology leaders like Google and TUNE team up to solve the most pressing issues facing mobile marketers and app developers. TUNE’s Fraud Prevention Solution, which helps marketers identify and address mobile app install fraud, coupled with this new download data from Google enables mobile marketers to definitively pinpoint and prevent click injection fraud.

To take advantage of this newfound insight, you need to update your TUNE Android SDK. TUNE’s solution engineers are on call to help you and your team integrate this SDK quickly and safely so you can spend more effectively through the crucial holiday season. Please reach out to your TUNE customer success manager for more information.

Read the full press release here.