App Install Fraud 2018-05-11T16:06:14+00:00

App Install Fraud

App install fraud is a growing problem for mobile platforms and app developers, with fraud rates reaching as high as 50% for some ad networks. Detecting these fraudulent installs is becoming harder as fraudsters camouflage their installs with increasingly sophisticated techniques like location and device spoofing, click jacking, and simulated user activity. DataVisor’s Unsupervised Machine Learning Engine is uniquely capable of detecting these fraudulent installs because it analyzes all accounts and events simultaneously, uncovering the hidden connections between them. This allows it to detect entire rings of fake installs at once, even when each install is not suspicious when analyzed in isolation.

How Attackers Generate Fake Installs Undetected

IP obfuscation account takeover

IP Obfuscation

Proxies, VPNs, and cloud-hosting services allow attackers to evade IP or location blacklists and digital-fingerprint solutions.

Massive bot armies for account takeover

Fake user Activity

Fraudsters use cheap, on-demand mechanical turks to create fake post-install activity to appear more authentic and evade rules-based detection.

Device obfuscation for account takeover

Device Obfuscation

Fraudsters utilize mobile device flashing, virtual machines and scripts to appear as though they are using different devices.

Probe for weaknesses red v0

Probing Weaknesses

Attackers probe their target’s detection methods at small scale first, then launch massive campaigns after they find exploitable weaknesses.

Why UML is Needed to Detect Fake Installs

Rules engines and supervised machine learning models are often fooled by the sophisticated techniques fraudsters use to camouflage their fake installs. These techniques change rapidly and make fraudulent installs appear very realistic when viewed in isolation. Datavisor’s UML Engine is uniquely capable of combating these techniques because it analyzes all accounts and events at once, detecting the hidden connections between suspicious installs. This allows it to detect entire rings of fraudulent installs at once, even when each install is not suspicious in isolation. It also detects new and rapidly changing attack techniques without needing training data or labels.

Early detection of account takeover

Stop New & Evolving Attacks

Automatically detect new and rapidly evolving attacks without waiting for training data or labels.

high accuracy and coverage to detect account takeover

Accuracy and Coverage

Analyze hidden connections between accounts to detect more attacks while lowering false positives.

Lower false positives blue v0

Analyze Post-Install Events

Maximize detection by analyzing all data points, including post-install app launches and in-app events.

applications blue v0

Traceable Fraud Reports

Provide detailed, verifiable evidence of fraud to ad networks to justify each refund and understand fraud patterns.

Learn More About Fighting App Install Fraud

Case Studies

App Install Fraud Case Study

DataVisor has partnered with one of the most well respected gaming companies in the world, with a massive install base of more than 300 million users across 180+ countries, to help them fight user acquisition fraud.

Download Now »

The DataVisor Detection Solution

Unsupervised Machine Learning Engine

Predict new, unknown threats without labels or training data by analyzing hundreds of millions of accounts and events simultaneously using the industry’s most advanced unsupervised learning technology.

Supervised Machine Learning Engine

Use industry leading supervised machine learning algorithms to augment the unsupervised machine learning detection with client-provided labels.

Automated Rules Engine

Generate and deprecate rules automatically, lowering maintenance costs and improving results explainability.

Global Intelligence Network

Aggregate and analyze the industry’s broadest array of digital fingerprints and signals from billions of users across a variety of industries.

What’s Happening with App Install Fraud

Threat Blog

Mobile Fraud Gone in a (Device) Flash

Device fingerprinting, i.e., collecting information from a device for the purposes of identification, is one of the main techniques used by online services for mobile fraud detection. The goal is to recognize “bad” devices used

Read More »

Ready to enhance your detection with unsupervised machine learning?