App Install Fraud
App install fraud is a growing problem for mobile platforms and app developers, with fraud rates reaching as high as 50% for some ad networks. Detecting these fraudulent installs is becoming harder as fraudsters camouflage their installs with increasingly sophisticated techniques like location and device spoofing, click jacking, and simulated user activity. DataVisor’s Unsupervised Machine Learning Engine is uniquely capable of detecting these fraudulent installs because it analyzes all accounts and events simultaneously, uncovering the hidden connections between them. This allows it to detect entire rings of fake installs at once, even when each install is not suspicious when analyzed in isolation.
How Attackers Generate Fake Installs Undetected
Proxies, VPNs, and cloud-hosting services allow attackers to evade IP or location blacklists and digital-fingerprint solutions.
Fake user Activity
Fraudsters use cheap, on-demand mechanical turks to create fake post-install activity to appear more authentic and evade rules-based detection.
Fraudsters utilize mobile device flashing, virtual machines and scripts to appear as though they are using different devices.
Attackers probe their target’s detection methods at small scale first, then launch massive campaigns after they find exploitable weaknesses.
Why UML is Needed to Detect Fake Installs
Rules engines and supervised machine learning models are often fooled by the sophisticated techniques fraudsters use to camouflage their fake installs. These techniques change rapidly and make fraudulent installs appear very realistic when viewed in isolation. Datavisor’s UML Engine is uniquely capable of combating these techniques because it analyzes all accounts and events at once, detecting the hidden connections between suspicious installs. This allows it to detect entire rings of fraudulent installs at once, even when each install is not suspicious in isolation. It also detects new and rapidly changing attack techniques without needing training data or labels.
Stop New & Evolving Attacks
Automatically detect new and rapidly evolving attacks without waiting for training data or labels.
Accuracy and Coverage
Analyze hidden connections between accounts to detect more attacks while lowering false positives.
Analyze Post-Install Events
Maximize detection by analyzing all data points, including post-install app launches and in-app events.
Traceable Fraud Reports
Provide detailed, verifiable evidence of fraud to ad networks to justify each refund and understand fraud patterns.
Learn More About Fighting App Install Fraud
In this webinar recording, Kohki Yamaguchi, product manager at DataVisor, shared the recent findings from our latest DataVisor Threat Labs report where we analyzed data from our Global Intelligence Network consisting of more than 491 ad networks, 140 million app installs and 11 billion user events
The DataVisor Detection Solution
Unsupervised Machine Learning Engine
Supervised Machine Learning Engine
Automated Rules Engine
Global Intelligence Network
Aggregate and analyze the industry’s broadest array of digital fingerprints and signals from billions of users across a variety of industries.
What’s Happening with App Install Fraud
The fraud landscape within the mobile user acquisition space is very complex with many sophisticated attack techniques involved. In this blog post, we will cover the tools and techniques used by fraudsters and why it’s difficult to detect them.
This blog post is part one of a two-part series that details the UA fraud problems in the mobile app industry. The series highlights the impact of the fraud problem, the tools and techniques fraudsters use and why UA fraud is getting harder to detect.
One of the things we heard repeatedly during our most recent meetup on User Acquisition Fraud was frustration at not knowing where a company stands in terms of fraudulent users. It was clear that people want to