Mobile App Fraud Surges as Fraudsters Grow More Sophisticated

Combating mobile ad fraud can all too often seem like a game of whack-a-mole: You may find a patch for one form of attack, but soon enough, fraudsters will rear their heads with new, more sophisticated schemes. This dynamic is laid bare in AppsFlyer’s latest State of Mobile Fraud report, which reveals a surge in fraudulent installs and in-app purchase events in the first half of 2019.

The recent uptick follows months of steadily declining fraud. After a wave of bot attacks in the summer of 2018, mobile app protection solutions rose to the challenge, forcing fraudsters to adapt. And adapt they have: Fraudulent app installs spiked from 16.6 percent in January to 22.6 percent in June, with a total of $2.3 billion in ad spend exposed to fraud in the first half of this year.

What explains the reversal of fortune? Beginning in April, fraudsters’ evolving tactics started bearing fruit. Device farms with physical devices gave way to device emulators, which can easily scale with automated scripts. Real software development kits (SDKs) and apps replaced fake ones. Rather than copying existing SDK messages, fraudsters began faking open source operating systems using emulators.

For retailers, fraudsters increased sophistication represents a growing threat to hard-earned revenue. The report, which examined 2.5 billion nonorganic installs across 9,500 apps, found that fraud extended well beyond app installs to include in-app events — even purchases. Overall, 2.1 percent of purchase events in Q2 were fraudulent, a tenfold increase over Q1. Purchase fraud on shopping apps remained relatively flat, rising from 2.9 percent in Q1 to 3 percent in Q2.

Shopping ranked among the hardest hit verticals, with $370 million in ad spend exposed to fraud, second only to finance apps, where fraudsters’ prospects for hefty payouts drove the exposure of $750 million in ad spend.

Fitting longstanding trends, Apple’s iOS proved far more resilient against fraud compared to Android’s OS. Android’s 29.1 percent fraud rate was six times higher than iOS’s 4.5 percent rate, a disparity that’s largely explained by Apple’s more stringent vetting procedures for apps to enter its App Store. Regions with higher Android penetration, including Southeast Asia and India, saw much higher rates of fraud.

How should retailers safeguard their apps? It’s essential to select media partners with uncompromising standards for transparency and brand safety in any market, but especially for retailers running campaigns in high-growth markets disproportionately vulnerable to fraud. Meanwhile, fraud protection solutions that run on advanced machine learning and artificial intelligence capabilities are vital to monitoring app activity and thwarting fraud at both the install and in-app levels.

Unfortunately, not all fraud can be blocked in real time, with 16 percent of fake installs going undetected. Retail marketers should therefore prioritize solutions that combat fraud across the app event life cycle.

If past is prologue, the latest wave of fraudulent attacks will crest as mobile apps and protection providers meet the threat head on. But in good times and bad, there’s no substitute for vigilance. In the war against app fraud, there’s no such thing as a permanent victory.

Michel Hotoveli is a fraud expert at AppsFlyer, a mobile app measurement and attribution analytics platform.