Mobile Fraud
Bots
Server-based bots -- via emulators -- mimicking an active user’s behavior, interacting with ads
Device-based bots -- SDK spoofing (2017) -- Open source SDK
SDK spoofing
- By performing a man-in-the-middle (MITM) attack, fraudsters break open the Secure Sockets Layer (SSL) encryption that protects the communication between a tracking SDK and its backend servers.
- Fraudsters then generate a series of ‘test installs’ for the app they are planning to siphon.
- They then discover which URL calls represent specific actions within an app.
- Fraudsters research which parts of the URLs are static and which are dynamic.
- They then test their setup and experiment with the dynamic parts.
- Finally, once a single install has been successfully tracked, fraudsters know they have figured out a URL setup that will allow them to create installs out of thin air.
- They then repeat the process indefinitely.
IP blacklisting
SDK security measures
Bot signatures
Behavioral anomalies
Ad stacking
one device, one ad placement, same time stamp
multiple ad click engagements
hard to find if the campaigns come from different advertisers or use different attribution tools
mobile apps or websites stack multiple ads beneath one another in a single ad placement, while only the top ad is visible and has its impression actually served
Click hijacking
malware -- commonly hidden in apps that look completely legitimate or in apps downloaded via third-party app stores
use raw data reports to identify sources sending clicks seconds after the previously recorded click from a competing source
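The two raw-data checks noted above for ad stacking and click hijacking, as an added example that is not part of the original mind map. The record layout, the sample rows, and the 10-second window are assumptions, and the example assumes a single log that sees every click for the device.

```python
from collections import defaultdict

# Constructed sample click log (not real data):
# (epoch_seconds, device_id, placement_id, source, campaign)
CLICKS = [
    (1000, "dev-A", "slot-1", "net-1", "camp-1"),
    (1000, "dev-A", "slot-1", "net-1", "camp-2"),
    (1000, "dev-A", "slot-1", "net-1", "camp-3"),
    (2000, "dev-B", "slot-7", "net-2", "camp-4"),
    (2003, "dev-B", "slot-9", "net-3", "camp-4"),
    (5000, "dev-C", "slot-2", "net-2", "camp-5"),
    (9000, "dev-C", "slot-2", "net-4", "camp-5"),
]

def ad_stacking(clicks):
    """Ad stacking signal: one device, one ad placement, same time stamp,
    but more than one click engagement. Returns {(device, placement, ts): campaigns}."""
    groups = defaultdict(list)
    for ts, dev, slot, _src, camp in clicks:
        groups[(dev, slot, ts)].append(camp)
    return {key: camps for key, camps in groups.items() if len(camps) > 1}

def hijack_candidates(clicks, window=10):
    """Click hijacking signal: a click for the same device and campaign that
    arrives within `window` seconds of the previously recorded click, but from
    a competing source. `window` is an assumed threshold, tune it on real data."""
    last_click = {}   # (device, campaign) -> (ts, source) of the previous click
    flagged = []
    for ts, dev, _slot, src, camp in sorted(clicks):
        prev = last_click.get((dev, camp))
        if prev and prev[1] != src and ts - prev[0] <= window:
            # (device, campaign, earlier source, later source, gap in seconds)
            flagged.append((dev, camp, prev[1], src, ts - prev[0]))
        last_click[(dev, camp)] = (ts, src)
    return flagged

if __name__ == "__main__":
    for key, camps in ad_stacking(CLICKS).items():
        print("possible ad stacking:", key, camps)
    for hit in hijack_candidates(CLICKS):
        print("possible click hijacking:", hit)
```

Sources that show up repeatedly as the later source in the second check are the ones to review in the raw data reports.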
Click injection
The fraudsters will be informed when new apps are installed on the device, triggering a click before the installation is complete, taking credit for the install
Other
forced clicks -- no "X" button, high CTR