3 Types of Metrics to Detect Bots in Mobile Apps & How to Use Them

Only 60% of internet traffic comes from real users, with the remainder generated by various bots, software designed to automate certain tasks.

There are at least ten dangerous fraud scenarios in apps: stealing traffic, carding, fake installs, DDoS attacks, password cracking, emulators, click flooding, scalping, payment fraud, and more. Bots often cause loss of revenue for app developers one way or another and make them suffer significant reputational and financial losses.

It is important to use fraud prevention tools to monitor the quality of your ad campaigns and ensure more efficient ad spending.

What Metrics Catch Bots?

First of all, we use the term "bots" for multiple fraud scenarios, including emulator fraud, reflashed phones, and software emulating certain game functions.

There are click, hardware, and in-app metrics to detect these bots.

  • Click metrics help spot abnormal device activity even before the app install. This includes fast clicks and suspicious ad views, as well as too-short Click to Install Time.
  • In-app metrics focus on post-install user behavior, checking for CPA fraud, suspiciously high session frequency, no activity, etc.
  • Hardware metrics check the device parameters. This is also a way to detect bots or emulators. For example, it’s how a device that says it’s manufactured by Apple while having the OS or screen resolution of a Xiaomi phone, can be uncovered.
metrics to detect bots in apps

The metrics also take into account user activity at the pre-install / advertising interaction phase, as bots can repeat certain actions automatically at programmed intervals or act much faster than human users. Another important detail is transmitted device parameters because bots can emulate old devices or emulate them partially/incorrectly. The metrics are also designed to track the post-install activity: bots may leave the app after a certain action or show no activity at all.

No single metric can detect all sorts of fraud. That’s why it is important to use a comprehensive solution with a combination of metrics, making bot detection more accurate. It is even better if it displays the fraud risk level for you to decide how to respond: block certain accounts, change your ad partner, ban users by IP, add new protection algorithms, etc.

Here’s our list of top metrics for bot detection:

  • Session duration.
  • Abnormal session frequency (either no activity or 24/7 in-app activity).
  • Suspicious devices (tracking of data on the device’s OS, display, brand, model, or mobile operator helps you tell a tablet or a smartphone from an emulator).
  • CPA fraud – diluting quality activities with bad traffic.
  • Inactive installs (if there are too many, take a closer look at the ad platform that brings you this traffic).
  • Click to Install Time – a time period between the ad banner click and the app install (a too-short CTIT is an indicator of bot activity).
  • View Time to Install – the time period between the last ad banner view and the app install.
  • Click Time to Click – the time period between the last and the last but one click before the install. It would be unusual if we saw one user make two clicks on different ad banners within a very short time, and even more so if they came from two different ad networks. Maybe one of them is trying to "steal" traffic from the other. Or it may be using bots on you.

Why Use Complex Bot Detectors?

There are plenty of indirect indicators of fraud, so you need a comprehensive tool combining various metrics to give you a general overview.

In Fraud Scanner by myTracker, for example, the metrics are grouped into three types for your convenience: click, hardware, and in-app metrics. They are also broken down by fraud probability level into strict, confident, and soft.

    • Strict fraud includes the most obvious and undisputed types of fraud such as stacking clicks, emulated devices, and abnormally quick installs. If the system detects deviations in these metrics, it indicates quite a reliable level of fraud.
    • Confident fraud means abnormally short sessions, inactive installs, and suspiciously low CCR. It requires a deeper dive and taking into account some context. Do you have other suspicions? Is your ad partner reliable? You can go even more in-depth and separately scrutinize the analytics for one of the 16 metrics.
    • Soft fraud includes deferred installs and a far-too-low CVR. The system detects substandard indicators, but it isn’t certain whether they point to fraud. Zero soft fraud is great, but 100% isn’t necessarily bad. Some metrics might show unusual results due to a specific ad channel, unique user, or other atypical ad parameters. To identify the root of the anomalies, you will need to take a deeper dive.

    How is it easier to work with metrics when they are organized this way?

    • Easier to know which indicators to focus on.
    • More convenient to deal with the activities that are most likely to be fraudulent.
    • Soft fraud metrics help you detect the least obvious fraud that is well-concealed among the legitimate traffic.
    • Too busy to dig into fraud? Just filter by strict fraud only. You can look at other metrics whenever you can and want.
    • Fraud tracking can be conveniently aligned with your marketing strategy: if you’re ready to waste 20–30% of your ad budget on fraud, you can only check the strict metrics. Conversely, when you want to make every marketing effort count, confident and soft fraud metrics and more detailed reports are at your disposal.

    To try Fraud Scanner, create a free account in myTracker.

    Fraud Scanner's Fraud Benchmarks

    Fake installs and traffic are so widespread that almost every app or ad platform has them. What is more interesting and relevant is your own fraud rate. Suppose it’s lower than what your peers have? Or is it the other way around – a high fraud rate kills your ad campaigns?

    To properly assess the threat of fraud, you can use special indicators called benchmarks. These are the fraud indicators present in an average app. Precise benchmarks are set using machine learning, with algorithms analyzing large amounts of accumulated data to calculate the average indicators.

    myTracker has a complex multilevel system to monitor the benchmarks, yet it’s very user-friendly. When everything’s OK, all fraud indicators in your Fraud Scanner report are marked green. If any indicators go above the benchmark, the system warns about fraud anomalies by marking them in red.

    strict fraud metrics Fraud Scanner

    There are no benchmarks for combined (strict, confident, and soft) fraud metrics. It’s up to the manager/project leader to decide whether the indicator is high or low. Some businesses don’t mind losing 20% of their traffic to fraud and plan their campaigns accordingly. We, however, believe that 5% in strict and 7% in confident fraud is too much.

    Emulated Devices Metric as an Example of Fraud Detection

    This metric considers install as fraudulent if there’s an abnormal deviation of the device parameters from the actual models of mobile devices. Fraudsters rarely expect you to use fraud detection tools and simply don’t waste time on adjusting proper settings for their emulators or reflashed smartphones prior to installing a new app.

    Emulated devices are a strict metric. If the device parameters don’t match those announced, it’s probably a scammer or bot rather than a real user.

    Emulated devices_Fraud Scanner

    Have a look at the benchmarks: if there were too many installs by emulated devices in the selected period, myTracker would highlight the figure in red. Pay more attention to this traffic. If the fraud repeats, you can stop paying for it (move to platforms that bring no fraudulent traffic) or claim damages from the ad company.

    A Step-by-Step Guide on How to Detect Fraud

    Step 1: Create an account

    Use our Wizard to create an account in myTracker.

    Step 2: Integrate myTracker SDK

    For web platforms, simply install the counter code. For mobile platforms, connect the myTracker library, set the required permissions, and configure the tracking system. More details on iOS, Android, and Unity. Log in to tracker.my.com to see the gathered data.

    Step 3: Open the Report Builder or Templates

    Open the Report Builder, or, even faster, go to Templates and select the last option, Combined fraud metrics.

    report builder with fraud scanner

    Step 4: Select a reporting period

    Select a reporting period in the upper right corner. You will see the data on users who came to you within the selected period after you integrated the SDK with your app (for a faster check on project indicators upload the necessary data to myTracker using our S2S API).

    reporting period in fraud scanner

    Step 5: Add fraud metrics to the Report Builder 

    To add fraud metrics to the Report Constructor, press Select from list → Metrics by device / Metrics by user → Fraud Scanner → Strict/Confident/Soft Fraud Metric. Click the Calculate button and you will see the result table.

    fraud metrics in report builder

    Step 6: Add more dimensions to identify traffic sources

    All detected confident and strict fraud will be marked in red. Add more dimensions to identify traffic sources: Select from list → Dimensions → Traffic source → Campaign or Partner.

    fraud traffic sources fraud scanner

    Step 7: Add particular metrics to dig into fraud causes

      Use particular click and in-app metrics to dig into fraud causes. For instance, you click In-app metrics → High Install Rate and find out that on a particular day you had abnormal traffic attributed to one ad partner. Select those metrics that are included in the combined metric where fraud has been tracked.

      Fraud metrics in Fraud Scanner

      In conclusion

      As you can see from the above steps, it’s best to begin with myTracker’s combined metrics and then move towards a detailed picture step-by-step by adding more dimensions and fraud metrics to get a better understanding of the situation and measures to address it.

      Looking for a free and comprehensive fraud detection tool combining various metrics?