App Install Fraud

App install fraud is a growing problem for mobile platforms and app developers, with fraud rates reaching as high as 50% for some ad networks. Detecting these fraudulent installs is becoming harder as fraudsters camouflage their installs with increasingly sophisticated techniques like location and device spoofing, click jacking, and simulated user activity. DataVisor’s Unsupervised Machine Learning Engine is uniquely capable of detecting these fraudulent installs because it analyzes all accounts and events simultaneously, uncovering the hidden connections between them. This allows it to detect entire rings of fake installs at once, even when each install is not suspicious when analyzed in isolation.

Request Trial

How Attackers Generate Fake Installs Without Being Detected

IP Obfuscation

Proxies, VPNs, and cloud-hosting services allow attackers to evade IP or location blacklists and digital-fingerprint solutions.

Fake User Activity

Fraudsters use cheap, on-demand mechanical turks to create fake post-install activity to appear more authentic and evade rules-based detection.

Device Obfuscation

Fraudsters utilize mobile device flashing, virtual machines, and scripts to appear as if installs are coming from many devices.

Probing Weaknesses

Attackers probe their target’s detection methods at small scale first, then launch massive campaigns after they find exploitable weaknesses.

Why UML is Needed to Detect Fake Installs

Rules engines and supervised machine learning models are often fooled by the sophisticated techniques fraudsters use to camouflage their fake installs. These techniques change rapidly and make fraudulent installs appear very realistic when viewed in isolation. Datavisor’s UML Engine is uniquely capable of combating these techniques because it analyzes all accounts and events at once, detecting the hidden connections between suspicious installs. This allows it to detect entire rings of fraudulent installs at once, even when each install is not suspicious in isolation. It also detects new and rapidly changing attack techniques without needing training data or labels.

Stop New & Evolving Attacks

Automatically detect new and rapidly evolving attacks without waiting for training data or labels.

Accuracy and Coverage

Analyze hidden connections between accounts and events to detect more fake installs while lowering false positives.

Analyze Post-Install Events

Maximize detection by analyzing all data points, including post-install app launches and in-app events.

Traceable Fraud Reports

Provide detailed, verifiable evidence of fraud to ad networks to justify each refund and understand fraud patterns.

Learn More About Fighting Paid Install Fraud in the Real World


The Underworld of App Install Ads Report provides unprecedented insight into fraud techniques in mobile user acquisition advertising.

Download Report


DataVisor partners with a major gaming company with more than 300 million users to help them fight user acquisition fraud.

Read Case Study


Learn about the latest trends and techniques used by fraudsters to perpetrate app install fraud without being detected.

Read Case Study

The DataVisor Detection Solution

Unsupervised Machine Learning Engine

Predict new, unknown threats without labels or training data by analyzing hundreds of millions of accounts and events simultaneously using the industry’s most advanced unsupervised learning technology.

Supervised Machine Learning Engine

Use industry leading supervised machine learning algorithms to augment the unsupervised machine learning detection with client-provided labels.

Automated Rules Engine

Generate and deprecate rules automatically, lowering maintenance costs and improving results explainability.

DataVisor Global Intelligence Network

Aggregate and analyze the industry’s broadest array of digital fingerprints and signals from billions of users across a variety of industries.

Learn More

What’s Happening in Mobile Gaming


Are You Paying for Fake App Installs? What You Can Do About Install Fraud

The mobile app landscape is extremely competitive. With more than three million apps available today in the major app stores, a new app has slim chances of standing out and making it to the top of the charts. Install ad campaigns are increasingly popular (if not necessary) for app marketers. But install fraud is an increasing problem.

Read Blog


Mobile Fraud Gone in a (Device) Flash

Device fingerprinting, i.e., collecting information from a device for the purposes of identification, is one of the main techniques used by online services for mobile fraud detection. The goal is to recognize “bad” devices used by fraudsters, such that they can be identified even when other attributes (such as user names or IP addresses) change.

Read Blog


How Risky is Your UA Business? Introducing the User Acquisition Fraud Calculator

One of the things we heard repeatedly during our most recent meetup on User Acquisition Fraud was frustration at not knowing where a company stands in terms of fraudulent users. To provide some guidance, we’ve developed a User Acquisition Fraud Calculator which can help you determine your risk of fraudulent installs given where you are spending your ad dollars.

Go to calculator

Read DataVisor’s Latest Posts

Go To The Blog

Getting Started

Want to find out how DataVisor can identify fake installs and help you recover millions of dollars in advertising spend? Request a trial today!

Request Trial