Spoofing protection setting
Ad Fraud : Spoofing
Spoofing is the most malicious type of Ad Fraud. It attacks the tracking SDK directly: the fraudster blocks the encrypted protocol agreement (SSL) between the SDK integrated into the advertiser's application and the server, creates fake traffic, and tests whether the console report and server callback signal match actual performance (open and in-app event attribution) without the advertiser detecting it. If a pattern that matches actual performance is discovered during this testing phase, the fraudster keeps generating fake traffic with the same pattern throughout the advertising campaign period and earns advertising revenue from it.
Spoofing is particularly frightening because it creates fake traffic that resembles real users' app usage patterns, which keeps the advertiser from realizing that Ad Fraud is occurring and makes it difficult to detect. Spoofing attempts are mainly carried out at the publisher level of network media and are prominent in the Android OS environment, which tends to favour open source.
Fraud Kill-Chain : Spoofing
SDK Hash verification (Android, iOS) : Dynamic Secret Key
This is the default option when you integrate the DFINERY SDK.
Fraud Kill-Chain Setting
1) Default setting : Recommended
- The traffic in question is classified as Ad Fraud (or Organic) and is not included in the attribution report.
- The corresponding traffic is not sent to the media via postback.
- You can check the scale of the corresponding traffic in the Fraud Index report.
2) Included in attribution, but excluded from postback.
- The corresponding traffic is classified as a partner's success and included in the attribution report.
- This traffic is classified as Partner performance, but it is not posted back to the media partner (causing discrepancies between the console report and the media partner report).
- You can check the scale of the corresponding traffic in the Fraud Index report.
3) Included in attribution and postback is sent (without any specific reason)
- The corresponding traffic is classified as partner performance and included in the attribution report.
- The corresponding traffic is classified as partner performance and included in the attribution report, but the reason for fraud is not sent to the media through postback.
- You can check the scale of the corresponding traffic in the Fraud Index report.
4) Included in attribution and postback is sent with a reason
- The corresponding traffic is included in the attribution report and classified as partner performance.
- The corresponding traffic is sent to the media via postback with the Ad Fraud reason included (media with {blocking_reason} macro integration included).
- You can check the scale of the relevant traffic in the Fraud Index report.
Report
Level | Metric Name | Contents |
First Open | Spoofing DSK (New-Install) | The number of new installs executed that were blocked through DSK defence. |
First Open | | The number of re-installations that have been blocked through DSK. |
Deeplink Open | Spoofing DSK (Deeplink Open) | The number of deeplink opens that have been blocked through DSK (Blocking) can be found in the Single Touch Attribution report under the Metric item below. |