Check spoofing defense settings and reports
FollowAd Fraud: Spoofing
Spoofing is the most vicious type of Ad Fraud. Spoofing is a method of directly attacking the tracking SDK. Fraudster blocks the encrypted protocol protocol (SSL) between the SDK linked to the advertiser application and the server, then creates false traffic and checks console reports and server call-back signals. and test whether it is recognized as actual performance (open and in-app event attribution). If a pattern that is recognized as actual performance is discovered during the testing stage, false traffic using the same pattern is continuously generated during the advertising campaign period and advertising revenue is earned for it.
The reason why spoofing is scary is because it creates false traffic similar to the app usage patterns of actual users so that advertisers do not notice, so it is very difficult to detect that ad fraud is occurring. Spoofing attempts mainly take place at the publisher level of network media and are prominent in the open source-oriented Android OS environment.
Fraud Kill-Chain: Spoofing
SDK Hash value verification (Android, iOS): Dynamic Secret Key
[[Quote: Guide: Small]] This function is automatically applied upon SDK integration.
Apply Fraud Kill-Chain global settings
1) Default setting: Recommended setting method
- The corresponding traffic is not included in the attribution report and is classified as Ad Fraud (Or Organic).
- We do not post back the relevant traffic to the media company.
- You can check the corresponding traffic size in the Fraud Index report.
2) Included in attribution but excluded from postback
- The corresponding traffic is included in the attribution report and classified as partner performance.
- We do not post back the relevant traffic to the media company. (There is a numerical difference between the console report and the media company report)
- You can check the corresponding traffic size in the Fraud Index report.
3) Include in attribution and send postback (no reason)
- The corresponding traffic is included in the attribution report and classified as partner performance.
- The relevant traffic is posted back to the media company, but no reason for fraud is sent.
- You can check the corresponding traffic size in the Fraud Index report.
4 ) Include in attribution and send a postback (including reason)
- The corresponding traffic is included in the attribution report and classified as partner performance.
- Post back the relevant traffic to the media company, including the reason for Ad Fraud (
{blocking_reason}
macro-linked media only). - You can check the corresponding traffic size in the Fraud Index report. Macro-linked media only) Postback including reason. - You can check the corresponding traffic size in the Fraud Index report.
Macro-linked media only) Postback including reason.
- You can check the corresponding traffic size in the Fraud Index report.
Check the report
Traffic controlled with Spoofing DSK is In the Single Touch Attribution report You can check the Metric items using the items below.
Level | Metric Name | Contents |
First Open |
Spoofing DSK (New-Install)
|
Number of new installations blocked through DSK |
First Open |
|
Number of Re Installs blocked through DSK |
Deeplink Open | Spoofing DSK (Deeplink Open) | Number of deep link opens blocked through DSK |