How Appodeal Combats Fraud from Publishers

  • Image
  • 12

There’s a dark underbelly to the world of app publishers, and its name is  fraud. While most publishers stay the straight and narrow, a few members of the community attempt to unfairly game the system to come out on top. Fraud isn’t going anywhere any time soon. So, at Appodeal, we’ve created a thorough testing system designed to detect and block fraudulent activity at a moment’s notice.

Our system is centered on the discovery and management of abnormal activity. Some of examples of abnormal activity in this context include:

  • A higher than average click through rate (CTR) or eCPM
  • Frequent clicks from the same devices, IP addresses and IP ranges
  • Short clicks, meaning a click coming from the same device or IP address in a short period of time
  • Automated scripts designed to click on ads
  • Click farms, in which groups of individuals are paid to click on ads

All of this activity is against Appodeal policy, and we make it our mission to root out such activity as quickly and effectively as possible.

So, how do we do it?

Let’s take a closer look at our fraud detection system.

Linking to AdMob

Apps are filtered before being set up with ad networks. Users are required to link to their own AdMob accounts, and we do not work with users who cannot link to or serve ads via AdMob. We rely on their filters to enhance the quality our apps with the first 1000 impressions always going to AdMob.

Apps that are not present in Google Play, the App Store, or Amazon Underground are limited to 2000 impressions a day, meaning they can not serve more than 2000 impressions without a presence in one of the aforementioned stores.

Inside SDK Protection

The Appodeal SDK boasts interior protection against fraud with the following core components.

Ads Viewability Check

In order to count an impression and send stats to the server, a viewability parameter is used. Each ad element must:

  • Be shown on the screen at least 2 seconds
  • Take up 80% of its real size
  • Be in a visual part of the app

Background Processes Check

When an app goes to background, the SDK controls the processes of waterfall reload and the sending of stats by pausing.

Max Requests QPM (Quantity Per Minutes)

For ad networks and DSP, there is a limitation regarding the allowed number of requests from the SDK. This parameter is managed by DSP itself.

It is impossible to send duplicate clicks stats by shown ad units.

Visual Control

We check all apps that get more than 1000 impressions daily. We monitor which ads are requested, which ads are shown, and if the request stats from the apps are the same.

Request Response Ad Index

This index calculates and predicts the real time to load ads and requests for waterfall . If the interval decreases, we suspend it as there are too many ad requests. Then, we compare it with the impressions stats.

Disabling Banner Refresh and Stopping SDK Activity

We disable banner refresh when the app goes to background.

We also stop all SDK activity if the user is banned for fraud. After the user had been banned by server for fraud, the server notifies the SDK, and the SDK stops making ad requests or showing ads.

Fraud Detection Channels and Manual Analysis

Fraudulent apps feed into 2 detection channels in Slack.

Slack Communication

Information about the app’s location of clicks, device ID, IP address, ad type, and click through rate (CTR) can be found here. From there, our team runs each abnormal app ID, or app identification number, through a series of tests in our Structured Query Language (SQL). This SQL was built by our team to pull data from our dashboard and produce information into this query.

SQL

The App ID is entered into the SQL along with the language used to decipher the amount of clicks, which IP address the clicks are coming from, and which device IDs the clicks are coming from.

We also test the ad type. We break down the information in a way that allows us to see how many clicks are coming from each ad format we offer (interstitial, video, banner, native). While tracking real-time impressions and clicks traffic, if we detect suspicious devices with aggressive fraudulent traffic, they are automatically blocked.

From there, we look for abnormal activity. This might look like a user producing 200-300 clicks from the same IP address and device after averaging 20 to 40 clicks in the past. In this scenario, one of our team members will download the app from the store and test the placement of ads to determine what caused the increase in clicks.

We have seen cases where the app owner places their ads in a spot where they are most likely to be clicked on, which interferes with the game or purpose of the app. In this case, we will warn the user, and he or she will have 5 to 7 days to change their placement and format. If the customer can substantiate the source of fraud traffic (eg. active testing applications), we do not block the application.

Publisher Communication

We analyze impressions and clicks for fraud activity, detect fraudulent click traffic, and calculate the fraud through rate (FTR) in relation to fraudulent clicks divided by all clicks.

Furthermore, when we suspect that a high FTR is due to an ad format or placement, the manager will contact the user, and suggest the removal or adjustment of the ad to decrease the FTR. If no actions are taken within 7 days or the user refuses to cooperate and fraud remains persistent, the app is blocked.

Clicks from an IP subnet can point to suspicious activity. However, in some cases IPs are not from one subnet. We can resolve the IP address by getting more information through a WHOIS service.

This service reveals who is the provider of a given IP address, even when a VPN is used. Different ip addresses may be revealed as having the same VPN provider, which falls into the category of suspicious activity.

vpns

We also check for bot clicks, which happen when a user employs third-party bots to click ads on their app. Take for example a botnet we dealt with in November of last year. Our team found all all 49K impressions coming from one single ip address only with 17 devices producing an average of 2850 impressions each.

App CFC (CallsFreeCalls), app_id = 3575. exchange clicks for phone calls. 2015-08-02 ip 69.116.107.24 made 3791 clicks. App blocked.

table1a

table

Fraudulent clicks are easily detected by the amount of clicks counted on the SQL and also by  timing the intervals between each click. These users are banned right away without warning.

We’ve also encountered cases where publishers have offered a service or some other type of incentive in exchange for ad clicks. As you’ll see in the histogram below, almost all of the clicks made in this occurrence were made in short intervals, with half of the clicks having less than a 15-second interval.

histogram

Bottom line: In cases of absolute fraud, we remove the user in question right away.

Tags:
  • VIKINGS

    “Furthermore, when we suspect that a high FTR is due to an ad format or placement, the manager will contact the user, and suggest the removal or adjustment of the ad to decrease the FTR. If no actions are taken within 7 days or the user refuses to cooperate and fraud remains persistent, the app is blocked.”

    Hold on a second, you mean that if I simply get lucky and an ad format gives me a lot of clicks(without me using bots or putting the ad in a suspicious place or other nasty stuff like that) and that makes my FTR high you guys will tell me to remove it and I have no choice but to comply or be banned?
    How is that fair?

    • Pavel Golubev

      A lot of clicks is not a problem. High FTR (accidental clicks to regular clicks ratio) is a problem.

      • VIKINGS

        Thanks for the reply Pavel,

        And can that high FTR happen accidentally, without any wrongdoing on my part?

        Or heck let’s take it one step further.
        Le’st say someone, for whatever crazy reason, decides to test his new bot program on a random game from the googleplay store, and it just so happens to land on one of my games….(I’m assuming here that it’s possible to create a bot program that clicks ads without the person who created the app having to put any of the bots code into the app? aka the person who created and uploaded the app has nothing to do with it?)

        What are my options then? Cause you say “Bottom line: In cases of absolute fraud, we remove the user in question right away.” and I guess that would qualify.

        P.S. I just want to clarify for anyone reading this that I’m not trying to be negative to what Appodeal is doing here, I totally agree that you should take care of people like that. And one of the results is probably gonna be that advertisers trust appodeal more which= more ads which= better fill rates which= more money for all of us, right?:P
        I’m just trying to gain a better understand of how these things work.

        • Pavel Golubev

          It might be not your intent to place ad in a way that it produces accidental clicks. But high FTR is always a result of high amount of accidental clicks. If your app produces high amount of accidental clicks (even if you did not do it on purpose), Appodeal would reach out to you and give you a 7-day notice to release an update and change ad placement to decrease amount of accidental clicks or switch to another format, like rewarded video, which is less prone to accidental clicks.

          There are two kinds of artificial activity — basic and sophisticated.
          Basic artificial activity is easily detected by Appodeal SDK and backend and blocked in real time, thus no harm to publishers and advertisers. So even if you or one of your competitors runs a basic bot against your app, it will be blocked immediately.

          Advanced botnets are harder to detect and impossible to block in the real time, however, such botnets require significant investments to operate. It does not make any sense economically to run a botnet against competitors application, because expenses would be much higher than a potential earnout.

          There are many efficient ways to harm a competitor, but running a botnet is not one of them.

          • VIKINGS

            Ok, got it. 😀
            Thank you for the explanations. Can’t wait to see how appodeal performs, my first game that uses it should be ready for publication in a week or so. 🙂

          • Pavel Golubev

            Drop me a link when it’s available. Will check it out!

          • VIKINGS

            Cool, I will! 😀

          • Hey Paul,

            My game is finally out. You can check it out at the link below. And if you like it please do your best to spread it around. It’s my forth game, and after the first 3 flew under the radar and nobody noticed them, I’m hoping that won’t happen to this one too…:(

            https://play.google.com/store/apps/details?id=com.vikingsproductions.CuteMonstersAttack

            Let me know what you think. Thank you, have an awesome day.

          • Pavel Golubev

            Congratulations! Really good job. If this is your only 4-th game, you truly have a talent. I like game mechanics and it seems promising. Remember, games with a similar mechanics are typically preferred by women. Also, the game has a good balance of casual and hardcore, which means that it is relatively easy to start playing it without having to learn too many rules and at the same time it gets harder over the time, which means you get more engaged users.

            I would suggest to soften the soundtrack a little bit and add support for wide screens.

            Aside from this you need to think about your user acquisition strategy. Generally speaking, video bloggers on Youtube can be a very good and inexpensive distribution channel for indie games.

            Also I will share your game on my Twitter now.

          • Loool, cmon, you’re making me blush. 🙂 Talent, who, me? Neah…
            But thank you very much for your kind words, and for your tweet. 😉

            Yeah, the songs I picked got mixed reviews from my few testers. Some said they where ok, some said they didn’t really fit the game. Problem is I’m not very good at the whole music thing and knowing what fits and stuff.

            As for the wide screens, no chance… I spent days trying, read every tutorial I could find, messaged people asking them to teach me, etc. but I still can’t get my head around designing a game for multiple screen sizes…. 🙁

            Well since I am sadly working on a 0 budget my user acquisition strategy pretty much consists of :
            – posting on whichever forums have a section that allows you to promote your game;
            – sending review request emails to sites that do(in theory) free reviews;
            – using IDRTG(a retweet group for indie devs);
            – and asking my friends to help spread it wherever they can…

            So far it hasn’t worked, none of my other games got over 60 installs… the highest one was Nutty Flyer with 59 total installs.
            Hopefully that won’t happen to this game as well, but I don’t have much hope left in me….

            As far as youtube goes there sadly don’t seem to be many channels that do android reviews, and the few that replied to me did ask for money in exchange for the review, not a lot of money, but still more then I could afford on a 0 budget…

          • Pavel Golubev

            Don’t give up. I personally know a bunch of indie developers that started with $0 and ended up with hundreds of thousands of dollars pouring in every month. But you gotta be consistent. Rather than working on 5 different games, focus on 1. Collect feedback and re-iterate it over and over again. Eventually you will succeed.

          • Loool, hundreds of thousands… I don’t even dare dream of that…
            I’d be happy even with just $300 per month(that’s around the minimum wage in my country)…

This is a unique website which will require a more modern browser to work! Please upgrade today!