Protect360反欺诈指南

概览:与归因相关的欺诈行为在应用行业中是一项重大挑战。欺诈会浪费营销预算,污染营销绩效数据,并会将本是成功的广告系列变成失败的。Protect360将为应用程序所有者提供实时欺诈保护和假量检测

Protect360_-_Product_Master_Deck.jpg

Related reading:  Introductory guide for marketers to mobile ad fraud.

Protect360 overview

Protect360:

  • Protects against attribution fraud. It consists of dynamic tools that detect fraud and block fraudulent attribution.
  • 使用AppsFlyer规模,机器学习和行为分析,来识别已知的和新形式的点击/安装欺诈行为,包括机器人作弊和行为异常。
  • 在设备,发布者和媒体来源级别,保护市场营销人员免受欺诈。
  • Uses a layered approach of real-time fraud blocking and post-attribution fraud identification
  • Does not impact the app user experience. In case of fraud attempts involving real users, app installs complete normally, and only attribution recording is affected.

Protect36-flow_us-en.png

Real-time blocking

  • In real-time, before attribution, the install is identified as coming from a fraudulent media source and is blocked from attribution.
  • Subsequent in-app events, from the same user, are blocked. 
  • Blocked installs and in-app events both organic and non-organic are:
    • Reported in the Protect360 dashboard and blocked fraud reports.
    • These events aren't included in AppsFlyer attribution and dashboards because they were never attributed. 
  • Blocked install postbacks are sent to media sources, with the blocking reason, enabling them to optimize. 

关于已拦截的事件

Post-attribution detection

  • Fraud detected after attribution is referred to as post-attribution fraud. 
  • Once attributed, an install can't be erased. For this reason, post-attribution fraud is handled differently to that of real-time fraud.
  • Fraudulent installs and in-app events identified in retrospect, must be treated as real fraud and not charged for.

Once a source, like an ad network or site ID, is identified as fraudulent:

  • 未来来自媒体的点击将被阻止。
  • 过去的安装:
    • From the start of the current calendar month until the present, are labeled as post-attribution fraud, but not erased from data. As of January 2020, advertiser invoices are credited for the attribution fees of these installs.
    • 在本月开始之前的安装,不会更改。
  • 发生的应用内事件:
    • Up until the install labeling: labeled as fraud.
    • After the install labeling: labeled as fraud.

归因后欺诈的示例:

  • 看似常规安装,然后在应用内事件中发出欺诈信号
  • 发现一种新的欺诈形式
  • Installs which turn out to be fraudulent only after anomaly detection algorithms collect enough statistical data about the installs of any publisher

Common fraud issues and solutions

When AppsFlyer identifies fraud, the attribution event associated with the fraud is blocked. This eliminates fraudster gains and motivation. Note: The app install itself takes place and is not blocked. This means the app user can use the app and generate revenue for the advertiser. 

Blocked fraud clicks, installs, and in-app events are found in Protect360 fraud raw data reports.

The following table describes some fraud types and how Protect360 handles them.

Fraud type  Description AppsFlyer solution

设备 ID 重置作弊

Device ID is constantly reset by the fraudster on the same physical device, so as to generate  a large number of installs.

The AppsFlyer database of mobile devices is the biggest of its kind in the world encompassing over 98% of all smartphones known. Using this database AppsFlyer can identify abnormal rates of new devices and consequently denylist sources delivering them.

安装劫持

欺诈者在移动设备上植入恶意软件,这些恶意软件会在下载应用程序时发出警报。立即将一次点击发送到AppsFlyer,以希望赢得此次激活的归因。

Blocks attributed clicks with a very quick CTIT (Click To Install Time) and based on Google Play Server-Side API.

点击劫持

恶意软件会识别激活归因链接的点击,并立即发送另一个点击,如果该点击被归功于它们。

Blocks attributed clicks occurring very fast after other clicks for the same app on the same device.

点击泛滥

发送大量欺诈性点击的移动欺诈,目的是在安装之前提供最终点击。

Blocks attributed clicks from site IDs with a low conversion rate and long CTIT.

行为异常

欺诈者生成不一致且异常的安装后活动的移动欺诈。

Our unique scale allows us to track and understand behavioral engagement patterns on multiple levels - such as by app, region, media source and publisher. Non-human behavioral patterns are identified in near real-time, and blocked at the source.

IP denylists

Fraudsters usually operate from click farms, which may be identified by their IP addresses for long periods of time.

  • IP addresses suspected of fraud are denylisted on a daily basis based on up to date data received from third party global provider Digital Element.
  • 已为所有应用程序启用IP拒绝列表保护。

SDK验证

欺诈者发送虚假的SDK消息来模拟有价值的用户操作。

  • 专有的哈希协议用于在SDK和Web服务之间加密消息,从而防止欺诈者模仿消息。
  • 已为所有应用程序启用SDK身份验证保护。

商店验证

Fraudsters send fake SDK messages to simulate installs or in-app purchases so they can claim high CPA fees. Apple store validations.

Enables install validation on iTunes and in-app purchase validation for both iTunes and Google Play, of any install or in-app purchase that has taken place to prevent attribution of fraudulent activities.

Note: The exact time values, cited above, are withheld to protect our clients.

Additional blocking reasons are explained in the raw data tab.

Using Protect360

Dashboard

The Protect360 dashboard displays aggregate fraud data and providing insights relating to fraudulent traffic.

Dashboard views: 

Installs: Insights about fraudulent installs, blocked in real-time, and identified post-attribution. You can drill down to further examine the fraud events by using the filtering and grouping options.

Anomalies: Information about media sources that have installs with abnormal click-through-to-install time (CTIT) values, when compared with other trusted sources. 

  • Cross-reference the suspicious installs with your raw installs data and look for suspicious signs such as strange app version numbers, old OS versions, distinctive locations, etc. 
  • Use Validation rules to block installs with short CTIT values. Protect360 automatically blocks installs with very low CTIT values.

Raw data

Raw data about fraud is available via Pull API, Data Locker, and Export Data.

原始数据报告分为以下几类:

  • 已拦截的报告:安装,点击和应用内事件报告。其归因被阻止,且用户没有被归因于任何媒体平台。
  • 归因后拦截报告
    • 激活已归因于某个媒体平台,但后来发现是欺诈性的激活。
    • 应用内事件:
      • 归因于媒体平台后被识别为欺诈的安装数量。
      • 不考虑安装本身而被判定为欺诈。
  • 广告主可以使用这些报告,来与广告平台帐户核对,进行优化,还可以调整归因仪表板,查看归因后-重新被判断为假量的情况。

Validation Rules

Rules for target-validation and custom fraud detection (Protect360) enable app owners to ensure that installs are attributed to the most recent valid media source.  If there is no valid media source, the install is attributed to organic. 

Campaign target-validation rules control campaign results. Installs that don't meet campaign targets—are invalid—and attributed as organic installs. 

Protect360 custom fraud rules improve the ability to detect fraud. Protect360 is used to block fraudulent install attributions and correct the attribution of hijacked installs. 

与广告平台进行欺诈对帐

With Protect360, advertisers gain the raw data needed to reconcile fraudulent installs and in-app events with ad networks that may not have recorded fraud.

要使用Protect360协调基于CPI的广告系列,可执行以下操作:

  • 每个月初,请与发生假量的每个广告平台中的客户经理联系。
  • Collect the relevant fraudulent installs raw data from the Blocked installs and post-attribution installs reports.
  • 与广告平台共享欺诈原始数据,以协调和优化流量。
  • Its possible to create a raw data report which includes just the valid installs, but excludes post-attribution fraudulent installs. To do this, you need to download the monthly Attributed UA installs report and exclude all entries from the Post-attribution installs report.

要使用Protect360核对基于CPA / CPE的广告系列,请执行以下操作:

  • 每个月初,请与发生假量的每个广告平台中的客户经理联系。
  • Collect the relevant fraudulent in-app events raw data from the Blocked in-app events and Post-attribution In-app events reports.
  • 与广告平台共享欺诈原始数据,以协调和优化流量。
  • Its possible to create a raw data report which includes just the valid IAEs, but excludes post-attribution fraudulent events. To do this, you need to download the monthly Attributed UA in-app events report and exclude all entries from the Post-attribution in-app events report. 

Traits and limitations

Traits and limitations

Traits and limitations
Trait Remarks 
Advertiser access All team members.
Ad network access
Agency access
  • Require advertiser permission. Once granted agencies can view the Protect360 dashboard and download post attribution raw data.
Agency transparency  
App-specific time zone
  • App-specific time zone is used in the dashboard provided all apps are set to the same time zone.
  • If apps are not set to the same time zone, then the dashboard defaults to UTC.
数据新鲜度
  • Protect360 dashboard: Updated Daily.
    The most recent update time, displays below the date range filter in the Dashboard.
  • 报告:
    • Blocked installs and in-app events: Update continuously in near real-time.
    • Post-attribution: Daily using UTC. 
Limitations
  • Tables limited to maximum 20,000 rows.
  • If you query for a larger data set, some media sources might be excluded. To overcome this limitation, we recommend the following:
    • 查询较小的数据集-较小的日期范围,特定的应用程序和特定的媒体渠道
    • Export Protect360 raw data reports
    • Export Protect360 Aggregated Advanced Detection Reports through Pull API

 Tip

How affected by fraud is your vertical?
Explore our App install fraud benchmarks guide covering a wide range of parameters.

这篇文章有帮助吗?

此组别内的文章