Protect360 Automatic Fraud Blocking

  • Advertisers


Premium customers using Protect360 are provided with automatic and comprehensive anti-fraud protection both on the single device level and on the general service level.

The Solutions

Set out below are the AppsFlyer’s automatic anti-fraud protection solutions:

Fraud Issue Issue Description AppsFlyer's Solution

DeviceID Reset Fraud

Device ID is constantly reset by the fraudster on the same device(s), to display a large amount of installs.

AppsFlyer creates a blacklist of Site IDs that consistently show irregular behavior of unknown devices.

Install Hijacking

Fraudsters plant malware on mobile devices that alerts when a download of an app takes place. Instantly a click is sent to AppsFlyer claiming credit for the install.

AppsFlyer blocks attributed clicks with a very quick CTIT* (Click To Install Time) and based on Google Play Server-Side API.

Click Hijacking

Malware identifies an install attribution link click and instantly sends another click that credits them if it is attributed.

AppsFlyer blocks attributed clicks occurring very fast* after other clicks for the same app on the same device.

Click Flooding

Mobile fraud where large numbers of fraudulent click reports are sent, with the intention of delivering the last-click prior to installs.

AppsFlyer blocks attributed clicks from site_ids with a low conversion rate and long CTIT.

Behavioral Anomalies

Mobile fraud where the fraudster generates an inconsistent and abnormal post install activity.

AppsFlyer’s unique scale allows us to measure and understand behavioral engagement patterns on multiple levels - such as by app, region, media source and publisher. Non-human behavioral patterns are identified in near real-time, and blocked at the source.

Block Fraudulent Devices Using DeviceRank

Fraudsters reuse the same mobile devices to commit fraud with different apps.

AppsFlyer’s unparalleled database of mobile devices is the biggest of its kind in the world encompassing over 98% of all smartphones on the planet.
This database allows us to rank all mobile devices globally according to their actions with all client apps. Thus suspicious devices are blocked from being attributed in real time.

IP Blacklists

Fraudsters usually operate from click farms, which may be identified by their IP addresses for long periods of time.

AppsFlyer blacklists IP addresses suspected of fraud on a daily basis based on up to date data received from 3rd party global provider Digital Element.

Note - IP Blacklists protection is automatically enabled for ALL AppsFlyer clients.

SDK Authentication

Fraudsters send fake SDK messages to simulate valuable user actions.

AppsFlyer uses a proprietary hashing protocol to encrypt internal messages between our SDKs and our web services, preventing fraudsters from mimicking the messages.

Note - SDK authentication protection is automatically enabled for ALL AppsFlyer clients.

Store Validations

Fraudsters send fake SDK messages to simulate installs or in app purchases so they can claim high CPA fees. For more information, click here.

AppsFlyer enables install validation on iTunes and in-app purchase validation for both iTunes and Google Play, of any install or in-app purchase that has taken place to prevent attribution of fraudulent activities.

* AppsFlyer withholds the exact time values to protect our clients.

To learn about AppsFlyer's advanced fraud detection techniques please read this.

What Does Fraud Blocking Actually Do?

When AppsFlyer's SDK or servers identify a mobile fraud attempt, they can't stop the physical event from happening. Rather, AppsFlyer blocks the attribution associated with the fraud event, eliminating the fraudsters' gains and motivation.

Generally, fraud events get the same treatment:

  1. Fraudulent installs are blocked from showing up on the dashboard and raw data report, neither as non-organic nor organic installs. The installs get attributed to the last engagement (or organic) of the user prior to the fraudulent click.
  2. Install postbacks are recorded on the blocked installs raw data report. They are ONLY sent to media sources, which support getting postbacks with blocking reasons for internal optimization.
  3. In-app events coming from fraudulent installs, or that are considered as fraudulent on their own, are blocked from showing up on the dashboard and raw data report, neither as non-organic nor organic events.
  4. In-app event postbacks are NOT sent to any media sources.
  5. Blocked fraud clicks, installs and in-app events are displayed as part of Protect360's fraud raw data reports.
Was this article helpful?
1 out of 1 found this helpful

Page Contents: