Check Click Injection defense settings and reports
FollowAd Fraud: Click Injection
Click injection refers to a method of stealing open attribution performance by generating a false click right before the user installs the app and runs it. Due to Click Injection, normal media may lose open attribution performance, and contributions that should be judged as natural inflow are judged as media contributions. Organic cannibalization may also occur.
Click Injection is characterized by a very short Click To Install Time. The reason is that malware, which is the subject of ad fraud, must generate a false click in the short period between detecting app installation on the users device and running the app in order to be recognized as the last click and steal the open attribution performance. Because there is.
DFINERY provides CTIT indicators as an analysis report to estimate click injection, and furthermore, a solution to prevent click injection at the source using the Google Play referrer API (Android) and a solution to control the CTIT section set through Fraud Kill-Chain. Provides:
1.Prevention of Click Injection using Google Play Referrer API
[[Quote:Information:Small]]
Please refer to
해당 솔루션은 Google Play Store(For Android)에서만 적용되며 연동가이드에서 안내하는 리퍼러 API를 반드시 연동해야
The Google Play Referrer API (hereinafter referred to as “Referrer API”), released by Google in November 2017, is an API that informs users of the start time of app installation. This is an important feature in that it can prevent click injection during ad fraud. Click Injection can be fundamentally prevented by excluding all clicks that occurred between the users app installation start time, known through the referrer API, and the app execution time, known through the SDK, from open attribution judgment.However, this solution is only applicable to Google Play Store (For Android) and must be integrated with the referrer API provided in the integration guide.
2. CTIT Rule: Control of set CTIT (Click To Install Time) section
[[Quote:Warning:small]]
Be sure to check it out
1. The minimum time it takes to run an app after installing it varies greatly from app to app.
Please identify physically impossible CTIT sections through actual click-and-run testing, then consult with your partner to apply the CTIT Rule. If the set CTIT Rule range is greater than the actual minimum time, not only fraudulent traffic introduced through Click Injection but also normal traffic may be judged as Ad Fraud.
2.
Deeplink Open is essentially an open attribution item that counts when the app is launched at the same time as the click. Because it has different tracking properties from other New Install and Re-Install items, it is excluded from the CTIT Rule.
Click Injection can be suspected if the Click To Install Time is very short. If you suspect Click Injection, measure the time it takes to run the app after clicking an ad several times, then identify the CTIT section that cannot physically occur and apply that section value to the CTIT Rule item. The CTIT Rule controls New Installs and Re-Installs that record the CTIT corresponding to the section set by the user by considering them as Ad Fraud.
Since the network environment is different for each country, the average minimum CTIT interval is different. DFINERY provides a country-level CTIT Rule detailed setting function so that you can set a CTIT Rule suitable for each country's network environment.
How to set up (CTIT Rule)
1)
Activate
the toggle.
2) Select
a section option
.
- >:
Traffic with a CTIT of less than the set number of seconds (Sec) is judged to be Ad Fraud and controlled.
-Between:
Traffic that records the set second (Sec) site value CTIT is judged to be Ad Fraud and controlled.
3) Enter
the section time (seconds, Sec)
to be controlled.
4) When applying a country-level CTIT Rule, click the
+Add
button to create and set detailed conditions.
5) After completing the settings, click
the edit
button at the bottom right to save the settings.
Setting example (CTIT Rule)
The reason for blocking is interpreted based on the directly set example screen and applied to the actual settings.
All examples described are subject to
the global terms of exclusion from attribution and no postbacks
.
1.
When set to Default > 10 seconds
- When a user enters by recording a 7-second CTIT:
Controlled as Ad Fraud
- When a user enters by recording an 11-second CTIT: Determined as the last ad touch advertisement performance - When a user enters by recording an 11-second CTIT: Determined as the last ad touch advertisement performance
2.
When setting Korea > 7 seconds without default setting
- If a Korean user records a 5-second CTIT and the influx occurs: Controlled as Ad Fraud
- When US users are imported by recording an 8-second CTIT: Determined based on the performance of the last ad touch advertisement
- If a Korean user entered by recording an 11-second CTIT: Determined as the performance of the last ad touch advertisement - If a Korean user entered by recording an 11-second CTIT: Determined as the performance of the last ad touch advertisement
3.
When applying two settings: Default > 10 seconds, Korea > 7 seconds
- If a Korean user records a 5-second CTIT and the influx occurs: Controlled as Ad Fraud
- When a US user is imported by recording an 8-second CTIT:
- When Korean users are imported by recording an 8-second CTIT: Determined based on the performance of the last ad touch advertisement
[[Quote:Information:Small]]
In example 3, if a Korean user recorded an 8-second CTIT and was imported, why is it judged as a medium performance?
+ The added country-level detailed CTIT Rule is a separate CTIT Rule setting for specific country traffic, so it is not affected by the basic CTIT Rule only for the set country traffic. In other words, country-level settings have properties that override default settings.
Apply Fraud Kill-Chain global settings
1) Default setting: Recommended setting method
- The corresponding traffic is not included in the attribution report and is classified as Ad Fraud (Or Organic).
- We do not post back the relevant traffic to the media company.
- You can check the corresponding traffic size in the Fraud Index report.
2) Included in attribution but excluded from postback
- The corresponding traffic is included in the attribution report and classified as partner performance.
- We do not post back the relevant traffic to the media company. (There is a numerical difference between the console report and the media company report)
- You can check the corresponding traffic size in the Fraud Index report.
3) Include in attribution and send postback (no reason)
- The corresponding traffic is included in the attribution report and classified as partner performance.
- The relevant traffic is posted back to the media company, but no reason for fraud is sent.
- You can check the corresponding traffic size in the Fraud Index report.
4 ) Include in attribution and send postback (including reason)
- The corresponding traffic is included in the attribution report and classified as partner performance.
- Post back the relevant traffic to the media company, including the reason for Ad Fraud (
{blocking_reason}
macro-linked media only). - You can check the corresponding traffic size in the Fraud Index report.
Macro-linked media only) Postback including reason.
- You can check the corresponding traffic size in the Fraud Index report.
Check the report
Traffic controlled by Traffic Control can be checked through the Metric items below in the Single Touch Attribution report.
Level | Metric Name | Contents |
First Open |
Click Injection_CTIT Rule (First Open)
|
Number of New Installs and Re-Installs blocked by CTIT Rule |