arrow left facebook twitter linkedin medium menu play circle
August 23, 2017 - Ting Fang Yen

DataVisor Threat Labs Report: The Underworld of App Install Advertising

Mobile marketers are in a race against fraud. Traditional cost-per-impression (CPM) and cost-per-click (CPC) advertising is unreliable since it can be easily overrun by spoofed traffic from automated software. In an effort to better define metrics that identify real and valuable users, the mobile advertising landscape has shifted to cost-per-install (CPI) and cost-per-engagement (CPE) user acquisition models. While it’s more difficult to simulate an active user, it’s not impossible, and fraudsters are always up for the challenge. We’ve  previously discussed some of the methods fraudsters we’ve seen in the wild, but with the DataVisor Global Intelligence Network of aggregated, anonymized signals across our global client database of more than two billion users, we decided to take a deeper dive into the app advertising ecosystem.

The result? Presenting the DataVisor Threat Labs Report: The Underworld of App Install Advertising.
This new report, released today, is based on the analysis of 140 million app installs and 11 billion user events between January through May of 2017 and dives into the most recent fraud techniques and attack patterns in mobile user acquisition advertising. The study analyzes fraud in the wild from more than 490 ad networks and publishers, and focuses on the widely understudied issue of app install fraud. It also provides critical steps for advertisers to effectively combat the growing army of sophisticated fraudsters.
Some of the questions we sought to answer include:

    • How does user acquisition (UA) ad fraud work?
    • How does ad fraud affect advertisers and ad networks?
    • What techniques are fraudsters using to evade detection?
    • What is motivating fraudsters to adopt certain techniques?
  • What marketers can do to protect their investment and improve ROI?

At a glance, the findings highlight a broad range of fraudster tools, techniques, preferences, and behaviors, as well as how they impact both individual campaigns and ad networks:


The main takeaway we walked away with after analyzing millions of users and billions of events is that most ad campaigns — no matter what ad network is used, or what countries and devices are targeted — include a significant percentage of fraudulent inventory and it can vary up to 90 percent fraud on any given campaign. This limits advertisers’ ability to execute, undermines the credibility of ad networks, and taxes all players in the ecosystem. It’s a problem that has often gone unchecked and is not going away soon, so it’s important for mobile marketers to keep an eye on it or risk losing millions of dollars in budget by paying for installs that are not real people.
If you’re interested in learning more about some of the tools and techniques we observed, as well as how to combat them, please download the full report here: DataVisor Threat Labs Report: The Underworld of App Install Advertising.

about Ting Fang Yen
Ting-Fang Yen is Director of Research at DataVisor. Ting-Fang specializes in network and information security data analysis and fraud detection in the financial, social, and e-commerce industries. She holds a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon and has previously worked for E8, RSA, and Microsoft.
about Ting Fang Yen
Ting-Fang Yen is Director of Research at DataVisor. Ting-Fang specializes in network and information security data analysis and fraud detection in the financial, social, and e-commerce industries. She holds a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon and has previously worked for E8, RSA, and Microsoft.