Protect360 dashboard

At a glance: The Protect360 dashboard provides insights about fraudulent traffic and installs blocked due to the application of validation rules.

p360_dashboard_1.jpg

Related reading: Overview | Raw data | Validation rules

About Protect360 dashboard

The Protect360 dashboard:

  • Displays aggregate fraud data at the account level.
  • Has three dashboard views:
    • Installs (CPI)
    • In-app events (CPA)
    • Anomalies
  • Organizes fraud based on categories, including:
    • Fake installs
    • Hijacked installs
    • Fraud identified post-attribution
  • Allows you to drill down to further examine fraud events by using the filtering and grouping options.

To view the Protect360 dashboard, in AppsFlyer, go to Dashboard > Protect360. 

Filters and groupings

Filter and groupings window

filters.jpg

The following filtering and grouping options are available:

  • Basic filters:
    • App name
    • Media source
    • Geo
    • Date range
    • Payable events (available in the In-app events dashboard) 
  • Expanded filters - click on the blue arrow, to the right of the date picker:
    • Agencies
    • Campaigns
    • Channels
    • Minimum cohort size
  • Grouping options - choose different dimensions to group the fraud data by to get the specific insights you need:
    • Application: compare the total amount of fraud per each of your apps.
    • Media Source (default): compare the handled fraud from each of the media sources used by your apps
    • Media Source + Campaign: compare the handled fraud from all your campaigns across all media sources used by your apps
    • Media Source + Site ID: compare the handled fraud from all publishers (site IDs) across all media sources used by your apps
    • Media Source + Site ID + Campaign: compare the handled fraud from all publishers (site IDs) across all media sources used by your apps, associated with the relevant campaign names
    • Media source + Geo (available in the In-app events dashboard): compare the handled fraud from each of the media sources used by your apps associated with the relevant countries
    • Geo: compare the handled fraud from all countries

Installs dashboard

Dashboard features are described in the sections that follow.  

Installs—headline metrics

The headline metrics enable you to see:

  • Estimated savings
  • Total number of fraudulent installs,
  • Number of fraudulent (in-app) events
  • Anomalies

For each KPI, there is a percentage value. This value shows how the presented KPI is in relation to the parallel date range before it. For example, the last 7 days show X% increase in estimated savings, meaning the previous week before the last 7 days had X% less fraudulent installs.

Estimated savings

Estimated savings metrics:

  • Displays the value of fraud blocked in real-time or identified post-attribution, to be settled by you with the ad networks. 
  • Uses the formula: Estimated Savings = number of blocked installs X app average eCPI

For more details on how this amount is calculated read this FAQ.

Total identified fraud

Total identified fraud metrics display the amounts of:

  • Fraudulent installs blocked in real-time for all the various fraud-blocking reasons.
  • Installs identified as fraud post-attribution.

Blocked in-app events

Blocked in-app events metrics display the amount of in-app events blocked by AppsFlyer. The events may have been blocked due to belonging to blocked installs, or due to being marked as suspicious post-attribution events.

Installs—chart

Fraud trend over time chart

The fraud trend over time chart displays the number of fraudulent installs per day, broken down between installs blocked in real-time and install identified as fraud post-attribution. 

Installs—table

Identified fraud breakdown

The Identified fraud breakdown table displays the following data:

  • Fraud blocked in real-time
  • Fraud identified and marked post-attribution
  • Other indications of fraud per media source

The table is presented in a general overview format, as shown in the image that follows.

identified_fraud_breakdown_table.png

The dynamic table structure:

  • Lets you click the table settings button to add or remove columns to the table.
    If you make any changes to the table, make sure to click the Save button afterward. 
  • Is per user, so every team member with access to Protect360 can personally customize their own table structure. See more table options.

edit_table.jpg

Content of the identified fraud breakdown table
Table Column Description
Groupings
  • [Default] The table and dashboard are grouped by Media Source.
  • When selecting a specific media source, the grouping is automatically by both Media source and Site ID.
  • Optional groupings include Campaign, GEO, Channel, agency, and combinations thereof.
Installs Headline breakdown of blocked and post-attribution fraudulent installs.
Total (A)
  • Total installs = Regular (non-fraudulent) installs + blocked installs + installs identified as fraud post-attribution
  • Regular installs are available per media source (non-organic) in the Overview dashboard.
Blocked (B)
  • Total number of blocked installs.
  • Note: Organic blocked installs are not shown in the Protect360 dashboard. To see organic blocked installs, use raw data reports.
  • [Default] The table is sorted in descending order using this KPI.
Blocked % (B/A) Blocked installs / Total installs
Post-attribution (C) Installs identified as fraud post-attribution.
Post-attribution % (C/A) Post-attribution installs / Total number of installs
Total fraudulent installs (D) Fraudulent installs, blocked in real-time or identified as fraudulent post-attribution.
Fraudulent installs % (D/A) Fraudulent installs / Total number of installs
Fake installs Fraudulent installs simulating real user activity - divided by real-time blocks and post-attribution.
Real-time block Fake installs blocked in real-time.
Post-attribution fraud Fake installs identified as fraud post-attribution.
Hijacked installs Fraudulent last clicks stealing attribution of real user installs - divided by real-time blocks and post-attribution.
Real-time block Hijacked installs blocked in real-time.
Post-attribution fraud Hijacked installs identified as fraud post-attribution.
Validation rules Installs meeting Protect360 validation rules conditions.
Blocked installs Installs blocked by Protect360 - Business customization validation rules (App Version, Empty Customer User ID).
Blocked attribution Attribution changes of installs by Protect360 - Time to install validation rules: Changed from fraudulent clicks to the true media source.
Fake installs block breakdown Breakdown of blocked and post-attribution fraudulent fake installs usually performed programmatically.
Blocked site ID denylist Installs blocked due to Protect360 denylisting the SiteID.
Post-attribution site ID denylist Installs marked as fraud due to Protect360 post-attribution denylisting of the SiteID.
Blocked bots Blocked installation attempts made by automatic bots.
Post-attribution bots Installs marked as fraud due to identified automatic bots activities post-attribution
Blocked behavioral anomalies Installs blocked due to behavioral anomalies, meaning, abnormal session and in-app event performance of users.
Post-attribution behavioral anomalies Installs marked as fraud due to behavioral anomalies post-attribution.
Blocked install validation Total installs blocked due to negative store validation.
Hijacked installs block breakdown Breakdown of fraudulent last clicks aimed to steal attribution of real user app installs.
Blocked install hijacking Blocked install hijacking of the source.
Post-attribution install hijacking Install hijacking marked as fraud in post-attribution.
Blocked CTIT anomalies Installs blocked due to CTIT anomalies.
Post-attribution CTIT anomalies CTIT anomalies marked as fraud in post-attribution.
Blocked click flooding Installs blocked due to click flooding (fraud attempts to send large numbers of clicks hoping to deliver the last clicks prior to random installs.)
Post-attribution click flooding Click flooding installs marked as fraud in post-attribution.
Clicks Legit clicks from the source
Total (E) Total number of legit clicks received from the source
In-App Events Legit and blocked in-app events from the source
Total (G) Total in-app events
Blocked (H) Blocked in-app events 
% (H/G) Blocked in-app events / total in-app events
Device farm indicators - new devices Indicators of fraudulent device farm activity, using Device ID Reset fraud.
Installs (I) Installs having a new device ID not known to AppsFlyer.
Installs % (I/A) New device installs / Total number of installs
Loyal user % General KPI indicating if users are real or fake.
Device farm indicators - LAT devices Indicators of fraudulent device farm activity, using Limited Ad Tracking (LAT) fraud
Installs (K) Installs having LAT enabled
Installs % (K/A) Installs having LAT enabled / Total number of installs
Loyal user % General KPI indicating if users are real or fake.
Click flooding indicators User quality KPIs
Conversion rate (%) Low percentage compared with the general app conversion rate indicates click flooding fraud.
Assists % High percentage compared with other media sources (in the Assists widget in the overview page) indicates click flooding fraud.
Click flooding indicators - CTIT Indications of click flooding fraud, based on abnormally high Click to Install Time.
Over 60 minutes Normally ~30% of first app launches occur more than 60 minutes after download.
Over 5 hours Normally ~20% of first app launches occur more than 5 hours after download.

Additional table options

  • Click Export CSV button to download the table to your desktop in CSV format
  • Click the gear icon to:
    • Change the order of table columns
    • Add or remove the columns described above
    • Add or remove any of your app's recently blocked in-app events. For each added in-app event the following columns are displayed:
Table Column Description
Events Counter (Total) Number of the specific event's blocked occurrences
Unique Users Number of unique users getting the specific event blocked 

Note that uncommon rates of either of these KPIs does not necessarily indicate fraud, as many events get blocked due to fraudulent post-attribution installs.

The amount of events shown is activity-based, and not LTV based, meaning it's the exact number of event blocks during the specified date range.

In-app events dashboard

Dashboard features are described in the sections that follow.  

In-app events—headline metrics

The headline metrics enable you to see:

  • Estimated savings
    • Only available if Payable events is enabled. 
    • Based on the payable events you have configured. 
  • Total number of identified fraudulent IAEs

In-app events—charts

Fraud trend over time chart

The fraud trend over time chart displays the number of events per day, broken down into:

  • Real-time: Fraudulent in-app events blocked in real-time
  • Post-attribution: Fraudulent events identified post-attribution
  • Non-fraud

Top IAE fraud by media source chart

The top in-app event fraud by media source list contains: 

  • The 5 media sources with the highest number of fraudulent in-app events in descending order. 
  • A bar chart for each media source bar that displays the following in-app event types as a percentage of total in-app events:
    • Real-time: Fraudulent in-app events blocked in real-time
    • Post-attribution: Fraudulent events identified post-attribution
    • Non-fraud

In-app event fraud sunburst chart

IAE_pie_chart.gif

The in-app event fraud sunburst chart displays the in-app event fraud breakdown visually.

The innermost (root) ring of the sunburst chart displays in-app events broken down into parent slices: Non-fraud, Fake and Hijacked.

Clicking a parent slice (and subsequent slices in the sunburst hierarchy) displays additional breakdowns of in-app events and media sources. 

The in-app events displayed in the sunburst chart are identical in name and meaning to those in the In-app event fraud breakdown table.

In-app events—table

The In-app event fraud breakdown table displays the following data:

  • Fraud blocked in real-time
  • Fraud identified and marked post-attribution
  • Other indications of fraud per media source

The table is presented in a general overview format, as shown in the image that follows.

IAE_fraud_table.jpg

The dynamic table structure:

  • Lets you click the table settings button to add or remove columns to the table.
    If you make any changes to the table, make sure to click the Save button afterward. 
  • Is per user, so every team member with access to Protect360 can personally customize their own table structure. See more table options.

iae_table_structure.jpg

Content of the in-app event fraud breakdown table
Table Column Description
Groupings
  • [Default] The table and dashboard are grouped by Media Source.
  • When selecting a specific media source, the grouping is automatically by both Media source and Site ID.
  • Optional groupings include Campaign, GEO, Channel, agency, and combinations thereof.
In-app events Headline breakdown of blocked and post-attribution fraudulent IAEs.
Total IAE (A)
  • Total IAE = Regular (non-fraudulent) IAEs + blocked IAEs + IAEs identified as fraud post-attribution.
  • Regular IAEs are available per media source (non-organic) in the Overview dashboard.
Total fraudulent IAE (B)
  • Total number of blocked IAEs + IAEs identified as fraud post-attribution.
  • Note: Organic blocked IAEs are not shown in the Protect360 dashboard. To see organic blocked IAEs, use raw data reports.
  • [Default] The table is sorted in descending order using this KPI.
Fraudulent events % (B/A) Fraudulent IAEs/Total IAEs
Fake IAE real-time blocks

Fraudulent IAEs blocked in real-time.

Fake IAE Fake IAE identified as fraud and blocked in real-time.
Fake installs

The original install was identified as fraud and blocked in real-time.

Post-attribution fake installs

The original install was identified as fraud post-attribution, before the IAE. 

Saved from hijacking in real-time IAEs with the original install hijacked by a fraudulent source, that AppsFlyer correctly attributes to the last non-fraudulent source.
Corrected to organic Hijacked installs with the last non-fraudulent source being organic.
Corrected to non-organic source Hijacked installs with the last non-fraudulent source being a non-organic media source.
Post-attribution IAE fraud In-app events identified as fraud post-attribution.
Fake installs IAE occurred before the install was identified as fraud post-attribution. 
Hijacked installs IAE occurred before the install was identified as hijacked, and cannot be correctly attributed post-attribution.
Validation rules IAEs blocked due to meeting validation rules conditions.
Blocked installs IAEs of installs blocked by validation rules.
Blocked IAE IAEs blocked by validation rules.
Corrected to organic Hijacked installs with the last non-fraudulent source being organic.
Corrected to non-organic source Hijacked installs with the last non-fraudulent source being a non-organic media source.

Additional table options

  • Click Export CSV button to download the table to your desktop in CSV format
  • Click the gear icon to:
    • Change the order of table columns
    • Add or remove the columns described above

The amount of events shown is activity-based, and not LTV based, meaning it's the exact number of event blocks during the specified date range.

Payable events

Payable events are IAEs that have a cost. Once enabled and configured, the In-app activity dashboard only displays data related to payable events.

To enable Payable events in the In-app activity dashboard:

  • In the Filter by section of the In-app activities dashboard, enable Payable events.

To configure payable events:

  1. In the In-app activities dashboard, click Configure payable events.

    The Configure payable events popup displays.

  2. [Optional] If you configuring a new payable event, click Add new.
  3. Based on which payable IAEs you want to display in the dashboard, select the following from the drop down menus:
    • Apps
    • In-app events
    • Media sources
    • Campaigns
  4. Enter the CPA of the IAE. 
  5. Click Save.
  6. Click Close. 

Anomalies dashboard

The Anomalies dashboard:

  • Provides insights about media sources that have suspicious Click to Install Time (CTIT) values, or new device ratios, when compared with other media sources.
  • Enables you to use the media-source-level KPIs to receive compensation from the media sources and consider whether to continue working with them or not.

CTIT tab

Anomalies_CTIT.png

To view CTIT insights (numbers refer to the preceding screenshot):

  1. Go to Anomalies > CTIT.
  2. Select apps to watch in the page.
  3. Select which countries contribute to the data in the page.
  4. Select the date range of the data in the page.
  5. Turn Exclude post-attribution fraud on to see only blocked fraud, or turn it off to see the full fraud insights.
  6. Select the media source baseline to compare with. The default App Baseline takes into consideration various sources trusted by AppsFlyer, which contribute to your traffic.
  7. Select the time resolution shown in the graph: seconds, minutes, hours or days.
  8. Customize the validation rules to exclude installs with illogical CTIT.
    Note: the validation rules feature must be enabled for your account to perform this.
  9. To see more details, hover over the distinctly colored parts in the graph, which indicate detected CTIT anomalies.
  10. Click to see a visual comparison of CTIT throughout different media sources.
  11. Click the Protect 360 link to go back to the Identified Fraud page.

The CTIT anomalies breakdown table, at the page bottom, displays all the media sources which have CTIT anomalies. Use it to see data about the number and percentage of installs with abnormal CTIT values. With this table you can also export to CSV, add or remove columns or set their order.

New devices tab

anomalies_new_devices

The New devices tab enables you to visually detect media sources and site IDs, which have suspiciously high ratios of new devices installing your app. 

Sources, which are colored in gray, are below the New devices ratio threshold. For the yellow-colored sources, the stronger the color, the higher is the new devices ratio.

The area occupied by a media source represents the total number of its installs, including blocked and post-attribution fraud. 

To view new device insights (numbers refer to the preceding screenshot):

  1. Go to Anomalies > New devices.
  2. Select apps to watch on the page.
  3. Select which countries contribute to the data on the page.
  4. Select the date range of the data on the page.
  5. Set the New devices ratio threshold, above which you consider media sources as suspicious and colored in yellow.
  6. To see more details about a media source, click on it.
    Click on the All media sources link to get back to the view of all media sources.
  7. Click the Installs link to go back to the Installs tab.
  8. You can export the Identified fraud breakdown table, containing the new devices data.
Was this article helpful?