Install fraud threatens the app market

Install fraud threatens the app market

The mobile app market will have to gear up for the fight of its life against install fraud.

The app market is growing, but so too – predictably – is the risk of fraud.  In fact, it is becoming so common that it is presenting a serious threat to the industry.

Called either ‘click fraud’ or ‘install fraud’, some experts have already termed it the bubonic plague of the app advertising world.  In 2014 it cost the industry $11 billion in lost revenues, and it appears to be growing in scale.

The scam targets the very thing that has been driving online advertising for many years – the concept of pay per click, in which advertisers pay publishers for click-throughs to their site or downloads of an app.  The issue is that an individual or programme can click on the link to create the impression of genuine traffic, and the advertiser ends up getting hit in the pocket when traffic increases but sales do not.

A growing problem

According to analysts at SunTrust Robinson Humphreys, as much as 50% of publisher traffic could be ‘bot’ activity in which programmes click on advertisements, accounting for 11% of page views and 23% of video ads.  The mobile app market is particularly vulnerable.  In 2012 a report suggested up to 40% of all app fraud could be fraudulent.

For a relatively young industry still finding its feet, this could spell trouble.  According to the University of Alabama the app industry could be $77 billion worldwide.  With many of these developers being small-scale with low awareness of the problem and relatively unsophisticated defence mechanisms, they represent a tempting target.

Fighting the crooks

The market is taking measures to combat the issue, but fraudsters are still one step ahead.  Ad networks through which many of these frauds are committed are reluctant to take action – and make massive bites in their revenue – and it remains difficult to distinguish between real traffic and spam.

One suggestion from Paul Muller, whose company fell victim to this type of fraud, is for developers to learn the difference between real traffic and bots.  The trick is to spot the way a human behaves compared to a programme.

Writing for Venturebeat he stated that real users will typically download an app immediately after they click.  As time goes on it becomes increasingly unlikely that he or she will click on a link, which means developers can expect to see declining installs over time.  With a bot this does not happen.  Downloads remain relatively flat, which helps you spot fraudulent activity.

Developers can also look at user retention.  Fraudulent downloads tend to show zero usage on days three and seven after the install.  Sophisticated tracker tools are also coming to market to make it more difficult to fake installs.  Developers can also be careful about who they buy from, ensuring they use only tried and tested sources – ideally who they have already bought from.

It will continue to be a game of cat and mouse.  For every move the developers make, the fraudsters will respond.  However, the more the industry works together to combat this new threat, the greater its chances of prevailing will be.