Around 40% of Internet traffic is generated by bots and emulators, which can be used not only by fraudsters to steal ad budgets, but also by advertising platforms to quickly deliver results that their advertisers want. These ways of generating fake web traffic that mimic humans are known as fraud.
Fraud emerged around the same time as the mobile advertising market, evolving into a major problem over the last few years as the industry’s budgets skyrocketed (from USD 381 bn in 2020 to USD 571 bn in 2022) and fraudsters’ technologies grew increasingly sophisticated. In 2019, total global losses to fraud stood at USD 23 bn, before reaching as much as USD 35 bn in 2020. Today, advertisers have to constantly monitor their traffic and fight illegal activity to make sure their ad budgets are not lost to fraudsters.
One of MyTracker’s priorities is to help our customers protect their advertising budgets from fraud. To do that, we have Fraud Scanner, an anti-fraud system we have created in-house.
Using the Fraud Scanner tool, we carried out a study that provides an overview of what fraud looks like in different app categories and regions of the world. If you look at these data before launching your ad campaigns, you will know what to expect from a specific platform and how to better prevent fraudulent actions.
We studied fraud in the apps of our customers and partners globally throughout 2021.
Over 800 million
From January 1 to December 31, 2021
Click fraud is based on install hijacking, which causes the install to be attributed to another partner.
It is detected by analyzing the click/view or install time and other indicators. For our study, we looked at the following click metrics:
Hardware fraud usually involves bots that emulate the standard installation process.
It is detected based on mismatches in certain parameters of the device. In our study, we relied on the following hardware fraud metrics:
Post-install (behavioural) fraud involves smart bots that perform various actions after an install is completed to meet the goals of the ad campaign.
This type of fraud is detected by comparing post-install actions against the actions of real users. For our purposes, we used the following behavioral fraud metrics:
The average level of fraud in apps worldwide is 4–6%, depending on the platform. Fraud is getting more sophisticated, with a shift towards post-install fraud. As an example, a smart bot can launch a game, complete a couple of levels, and even make a payment.
Android has higher hardware fraud levels than iOS (37% vs 24%). This is because Android devices make up 86% of the market and are easier to emulate due to their open-source architecture and the popularity of ready to use emulators.
iOS has a greater share of post-install fraud (55% vs 34%). Click fraud has the same levels on both platforms.
The CIS countries have the lowest fraud levels. This subdued fraudster activity is because the CIS has smaller ad budgets. For context, in 2021, advertising expenditure in the USA stood at USD 285.21 bn, in China at USD 90.94 bn, in Japan at USD 51.75 bn, and in Russia at a mere USD 7.65 bn.
The highest levels of fraud are seen in Central and West Africa. This might be due to the fact that these nations are known as VPN hubs, and fraudsters use VPN to make themselves harder to track.
Europe and North America have approximately the same share of fraud by platform as these two regions are home to almost all the countries where audiences have the highest purchasing power.
Almost all regions are dominated by hardware fraud, which is typical of Android.
For the CIS, however, the situation looks different. Here, the share of hardware fraud is lower, while click and post-install fraud have higher levels. A possible reason could be that the CIS initially developed a lot of software for bots, basically turning the region into a realm of smart bots.
The two platforms are very different in terms of fraud breakdown. In contrast to Android, iOS has more click and behavioral fraud. Click fraud is getting traction across all regions on old iOS versions, which are not affected by the ATT framework and need for user consent to share IDFAs.
In the CIS, both iOS and Android have the same fraud breakdown.
The main type of fraud in the Games category is hardware fraud. The Entertainment, Social and Utilities categories are dominated by post-install fraud, mostly smart bots.
This distinction stems from the fact that the Games category more often relies on CPI (Cost Per Install) campaigns, where budgets are spent based on app installs. This is something even the simplest bots can emulate.
In the Entertainment, Social and Utilities categories, CPA (Cost Per Action) are used more often, with budget spend linked to specific actions inside the app. To emulate those actions, smart bots are created, leading to high levels of behavioral fraud.
Click fraud is the least popular in most categories as it is the easiest to detect compared to other types. Still, this is the most common type of fraud in E-commerce.
Post-install fraud is the leader on iOS in the Entertainment category, coming close to 80%; however, in E-commerce, it only accounts for 20%.
This might be due to the fact that Entertainment apps have trial subscriptions and refunds, while in the E-commerce category, actual goods are purchased, which makes it much more complicated to make a fake payment towards a purchase.
Post iOS 14.5+ changes, fraud detection has become increasingly complicated, especially for click fraud, as there is no longer a link between the install time and ad interaction.
Hardware fraud detection methods remain relevant and effective, but the missing link now makes it impossible to detect which partner or ad campaign is generating the fraud installs.
As a result, iOS is increasingly convenient as a platform for fraud, with fraudulent activity picking up. Our study shows an increase in fraud based on the quick installs and low CR metrics.
As expected, we see an increase in click fraud based on the quick installs metric after iOS was updated to 14.5. This is because the changes stopped the sharing of data on ad interactions of users, other than those who gave their ATT consent.
Since 14.2, the levels of fraud for the latest versions of iOS have almost tripled. This is an sign that the level of fraud on the platform is picking up.
March 2021 saw a decline in fraud levels thanks to Android updates. As usual, fraudsters adjust and improve their techniques, but there is no going back to previous levels.
Between August and November 2021, there was an increase in device emulators on iOS. November saw an abrupt reduction, which coincided with the 15.1.1 update, for which no description of the changes was provided.
Fraudsters adjust their practices to all updates and technologies, meaning that, so far, there is no universal method of protection.
However, each region and app category has their own fraud trends, so before launching an ad campaign, it might be worth looking into this data to keep your ad budgets secure.
We also have articles on how to understand fraud scenarios and tackle them. Give them a read on our blog:
To fight fraud, you need to use dedicated anti-fraud systems. An example is Fraud Scanner by MyTracker. Using this tool, you can protect your mobile and web ad campaigns at each stage of interaction with the app and website.
This is an automatic system that provides extensive reports for you to export and send to your advertising partner as proof of fraudulent installs to get your budgets back. Protect your app or website from all types of fraud!