Protect360 anti-fraud guide

  • Advertisers



Mobile fraud is considered by many to be the most alarming problem within the industry. Fraud drains marketing budgets, pollutes marketing performance data and turns successful campaigns into losing ones.

To combat mobile fraud, AppsFlyer has developed the industry’s most comprehensive, real-time fraud protection and detection solution - the Protect360 platform.

Protect360 is an AppsFlyer premium feature which is an add-on to existing packages. For specific pricing please contact your AppsFlyer CSM or write to

What is Protect360?

Protect360 is AppsFlyer's Enterprise-Grade fraud protection solution. It's a dynamically changing set of tools, which detect and block fraudulent mobile install and post-install events for today’s leading marketers. Using AppsFlyer's unique scale, machine learning and behavioral analysis, Protect360 provides unparalleled coverage against known and new forms of click/install fraud, bots and behavioral anomalies.

Protect360 guards marketers from fraud attempts on the device level, publisher level and on to the media source level.

There are 2 layers of protection serving Protect360's clients: Real-time blocking and Post-attribution.

Real-time fraud blocking

The first layer of anti-fraud protection is a set of tools which automatically blocks sources and devices suspected of fraudulent activities in real-time

For details on what happens with blocked events, go here.

Post-attribution fraud

The second layer of anti-fraud protection relates to fraudulent events, which can only be detected after the install and real-time attribution occur

After Protect360 identifies installs as fraudulent in retrospect, they can't be erased, but should still be treated as real fraud and not charged for.

Once a source (e.g. ad network, site ID, country) is identified as fraudulent:

  • Future clicks from the source are blocked.
  • Past installs, from the start of the current calendar month until the present, are labeled as post-attribution fraud, but not erased from the data.
  • Past installs, from before the start of the current month, are not changed.

Examples for post-attribution fraud:

  • Seemingly regular installs followed by fraudulent signals within in-app events
  • New form of fraud found
  • Installs which turn out to be fraudulent only after anomaly detection algorithms collect enough statistical data about the installs of any publisher

How to use Protect360?

In the next tabs of this article we describe how to understand and use Protect360's dashboard and raw data. We propose the following guidelines for advertisers using Protect360:

    1. At the start of each month contact your account manager in each ad network that suffered from fraud. Notify them of the total number of fraudulent installs, blocked and post-attribution.
    2. Share the frauds raw data with the network for reconciliation and optimization of its traffic. The table below describes where the data for both protection layers is found in AppsFlyer:
  Aggregate Raw Data
Real-Time Fraud Blocking Protect360's dashboard Export Data page
Post-Attribution Fraud Protect360's dashboard Protect360's dashboard
  • The Anomalies insight page offers information about media sources that have installs with abnormal CTIT values, when compared with other trusted sources.
    Visit the page to investigate these anomalies. Cross-reference the suspected installs with your raw installs data and look for suspicious signs such as weird app version numbers, old OS versions, distinctive locations etc. 
    You can also use the Validation rules feature to block installs with short CTIT values (although Protect360 automatically blocks installs with very short CTIT values).
Was this article helpful?
0 out of 0 found this helpful

Articles in this section