Click Injection Defense Setting and Report

AD Fraud : Click Injection

‘Click Injection’ means the fraud method which snatches away the install credits by generating fake clicks right before the ‘app open’ after the user installs the application. Because of the ‘Click Injection’, normal media loses count of legitimate new installs. Also, there is ‘Organic Cannibalization’ phenomenon which an organic install users are judged as specific media’s performance. 

The traffics with ‘Click Injection’ has a very short CTIT(Click to Install Time) which is a time it takes from click of the ad to app open. That is because, in order to take the credit for the new install, the Malware(the fraudster) needs to detect the app install from the users’ device and generate fake clicks before the users actually open the app. 

We provide ‘CTIT Index’ as a report so that you can examine ‘Click Injection’ status. Also, you will be able to enjoy the eradication of Click Injection with Google Play Referrer API(Android) and independent solution to control the CTIT range with Fraud Kill-Chain.

1. Eradication of ‘Click Injection’ with Google Play Referrer API

[[인용:정보:작게]]Take Note!

This feature only applies within the Google Play Store(For Android), and the app must be integrated the referrer API elaborated in the integration guide.

The Google Play Referrer API( ‘Referrer API’) unveiled by Google on November, 2017 is an API which informs the time of user’s app install. This is essential feature since we can prevent ‘Click Injection’ amongst many other AD Frauds. With ‘Referrer API’, we can tell the time of user’s app install and with SDK, we can tell the time of user’s app open. Then, with these two timestamps, we can exclude all the ad-touches(clicks) which happened between the two time records. One thing to take note is this solution will only be applied in Google Play Store(For Android), and must be integrated with the ‘Referrer API’.

2. CTIT Rule : CTIT(Click To Install Time) Range Control

[[인용:정보:작게]] Take Note!

1. The time it takes from app’s install and open widely varies depending on the app’s size.
Please run actual install tests to find out the average time it takes to complete the install, and finalize the CTIT range which is impossible to be recorded. With the finalized range, discuss with the AD Partners to apply the CTIT Rule for the campaign. If the range of CTIT Rule is longer than the minimal time it takes to finish the install, some of legitimate traffic can be distinguished as AD Fraud.

2. ‘Deeplink Open’ is an open attribution category which counts the cases when ad-touch(click) and app open happen at the same time.
Since tracking characteristics are different from New Install and Re-Install, ‘Deeplink Open’ is excluded from CTIT Rule.

We can check for the traffics with relatively short CTIT(Click to Install Time). If there is reasonable doubt for the possibility of ‘Click Injection’, please measure the time it takes to install and open the app multiple times. Then, finalize the time range of CTIT which physically cannot take place for the legitimate traffics. Adbrix regards all the New Installs and Re-Installs recorded within the custom-set range of CTIT as AD Fraud and reports.

Since the network environment differs by countries, the right range of CTIT will not be identically applied as universal condition. Adbrix provides detailed conditions for you to set different CTIT Rules for each campaign.

How to Set? (CTIT Rule)

1) Activate the toggle.
2) Select the range option.
Regards all the traffics with less than selected seconds of CTIT as AD Fraud.
-Between: Regards all the traffics which falls in between the selected seconds of CTIT as AD Fraud.
3) Type in the timeline(seconds) you would like to control.
4) In case you want to apply different CTIT Rule by countries, click on +Add button to create more conditions.
5) After completing the setting, click ‘Update’ at the bottom right corner to save the setting.

Example (CTIT Rule)

Take a look at the screenshots below, and let us go over how we can set the rules and understanding the reasons for blocking the traffic.

All the examples follow the global condition which does not send post-back and excluding from attribution.

1. ‘Default’, ‘ 10 secs’

- User with CTIT record of 7 seconds : AD Fraud
- User with CTIT record of 11 seconds : Legitimate Traffic(Last Touch)

2. Without Default, and set as ‘Korea’, 7 seconds’

 - User from ‘Korea’ with CTIT record of 5 seconds: AD Fraud
- User from ‘US’ with CTIT record of 8 seconds: Legitimate Traffic(Last Touch)
- User from ‘Korea’ with CTIT record of 11 seconds:  Legitimate Traffic(Last Touch)

3. Double setting with ‘Default’  ‘> 10 secs’ and ‘Korea’, ‘ > 7 secs’

   - User from ‘Korea’ with CTIT record of 5 seconds: AD Fraud
   - User from ‘US’ with CTIT record of 8 seconds: AD Fraud
   - User from ‘Korea’ with CTIT record of 8 seconds: Legitimate Traffic(Last Touch)

[[인용:정보:작게]] Why does the user from ‘Korea’ with CTIT record of 8 seconds wins the credit in the Example #3?

+ The ‘country’ sub-conditions of the CTIT Rule is a separate CTIT Rule for specific traffics from specific country, and this means that the traffics from that specific country is not affected by basic CTIT Rule. In other words, country-based setting overrides the basic settings.

Fraud Kill-Chain Global Setting

  1) Default Setting : Recommended

 - Traffics are not included in the attribution report and classified as AD Fraud(Or organic)
 - Traffics(post-back) are not sent to AD Partners.
 - Traffics can be checked in the Fraud Index report.

  2) Included in the attribution, Do not send post-back

 - Traffics will be included in the attribution report and classified as AD Partner’s credit.
 - Traffics(post-back) are not sent to AD Partners. (Console report and media report will have some discrepancies.)
 - Traffics can be checked in the Fraud Index report.

  3)  Include in the attribution and send post-back(without reason).

 - Traffics will be included in the attribution report and classified as AD Partner’s credit.
 - Traffics(post-back) will be sent to AD Partners without reason.
 - Traffics can be checked in the Fraud Index report.

  4) Include in the attribution and send post-back(with reason)

 - Traffics will be included in the attribution report and classified as AD Partner’s credit.
 - Traffics(post-back) will be sent to AD Partners with reason. (only to the media which integrated {blocking_reason} macro.)
 - Traffics can be checked in the Fraud Index report. 

Check Reports

The traffic controlled by ‘Traffic Control’ can be checked in the ‘Single Touch Attribution’ report’s following metric.