Ad Fraud in Mobile Advertising
Expert-defined terms from the Professional Certificate in Ad Fraud Prevention course at London School of Business and Administration. Free to read, free to share, paired with a professional course.
Ad Fraud – Concept #
Deceptive practices that generate false or non‑human interactions to inflate advertising metrics. Related terms: Invalid traffic, click fraud, impression fraud. Explanation: In mobile advertising, ad fraud manipulates clicks, installs, or impressions using bots, click farms, or SDK tampering to drain budgets and distort performance data. Example: A fraudster deploys a botnet that simulates app installs, causing advertisers to pay for non‑real users. Practical application: Detecting ad fraud requires integrating fraud‑detection platforms, monitoring anomalies, and establishing verification pipelines. Challenges: Sophisticated fraud actors constantly evolve techniques, making real‑time detection and attribution accuracy difficult.
Ad Network – Concept #
An intermediary that connects app developers (publishers) with advertisers to serve mobile ads. Related terms: Demand‑side platform (DSP), supply‑side platform (SSP). Explanation: Ad networks aggregate inventory from multiple apps and sell it to advertisers, often providing targeting, reporting, and payment handling. Example: A gaming app joins an ad network to serve rewarded video ads to its users. Practical application: Choosing reputable ad networks reduces exposure to fraudulent inventory. Challenges: Some ad networks may lack transparent reporting, making it hard to spot invalid traffic originating from their supply.
Attribution – Concept #
The process of assigning credit for a conversion (install, purchase) to a specific ad interaction. Related terms: Mobile attribution, multi‑touch attribution, post‑install attribution. Explanation: Attribution tools use device identifiers, click timestamps, and fingerprinting to link an install back to the originating ad source. Example: An advertiser uses a third‑party attribution SDK to determine that a user who installed the app clicked a rewarded video ad one hour earlier. Practical application: Accurate attribution informs budgeting and optimization decisions. Challenges: Click injection, SDK spoofing, and privacy regulations (e.g., iOS 14+ ATT) can obscure the true source of installs.
Attribution Window – Concept #
The time span after an ad click during which a conversion is credited to that click. Related terms: Look‑back window, post‑click window. Explanation: Common windows range from 24 hours to 30 days; a longer window captures delayed installs but may increase attribution ambiguity. Example: An advertiser sets a 7‑day attribution window for a cost‑per‑install (CPI) campaign. Practical application: Adjusting the window balances capture of true installs against risk of over‑attributing to unrelated clicks. Challenges: Fraudsters exploit longer windows with click injection, artificially inflating attributed installs.
Botnet – Concept #
A network of compromised devices controlled remotely to perform automated tasks. Related terms: Malware, command‑and‑control (C2) server, automated fraud. Explanation: In mobile ad fraud, botnets generate fake clicks, installs, or impressions, often mimicking human behavior to evade detection. Example: A fraud operation infects low‑end Android phones, using them to launch millions of fraudulent install events. Practical application: Monitoring device health signals (e.g., battery level, sensor data) helps identify botnet activity. Challenges: Botnets can rapidly scale, adapt to detection heuristics, and hide behind legitimate traffic sources.
Click Fraud – Concept #
The generation of fraudulent clicks on ads with the intent to deplete an advertiser’s budget or earn illicit revenue. Related terms: Invalid clicks, click injection, click farms. Explanation: Click fraud can be performed by bots, human click farms, or malicious apps that trigger clicks without user intent. Example: An app embeds a hidden button that programmatically clicks an ad view when the app launches. Practical application: Deploying click‑validation algorithms that compare click patterns against human interaction models. Challenges: Differentiating legitimate rapid clicks (e.g., in fast‑paced games) from fraudulent activity remains a nuanced problem.
Click Injection – Concept #
A fraud technique where a malicious app inserts a click event after an install to claim credit for that install. Related terms: Post‑install click fraud, SDK injection, attribution spoofing. Explanation: The fraudulent app monitors for new app installations and then programmatically generates a click event within the attribution window, falsely attributing the install to its own campaign. Example: A utility app detects that a user has installed a new game and immediately fires a click to a partner ad network, claiming the install. Practical application: Employing server‑side verification that matches click timestamps to actual user interaction timestamps. Challenges: The timing can be very close to genuine clicks, making detection based on latency alone insufficient.
Click Farms – Concept #
Groups of low‑paid workers who manually click on ads to generate fraudulent activity. Related terms: Human click fraud, low‑cost labor, click farms in Asia. Explanation: Click farms provide a veneer of legitimacy because clicks are performed by real humans, complicating automated detection. Example: A fraud operation hires workers in a call‑center to open apps and tap on ads for hours at a time. Practical application: Analyzing click quality signals such as mouse movement, dwell time, and device sensor data can reveal farm patterns. Challenges: Human click farms can mimic natural behavior, requiring sophisticated behavioral analytics.
Conversion – Concept #
A desired user action resulting from an ad exposure, such as an install, purchase, or registration. Related terms: Install conversion, in‑app purchase, lead. Explanation: Conversions are the key performance indicator for many mobile advertising campaigns, directly tied to ROI calculations. Example: A user clicks a video ad, installs the advertised app, and makes a purchase within the app; that purchase is the conversion. Practical application: Defining clear conversion events and tracking them accurately via SDKs or server‑side APIs. Challenges: Attribution fraud can inflate conversion numbers, leading to misguided optimization.
Cost Per Install (CPI) – Concept #
A pricing model where advertisers pay a fixed amount for each app install generated by an ad. Related terms: Cost per acquisition (CPA), performance pricing, install bidding. Explanation: CPI campaigns are common in mobile user acquisition, incentivizing publishers to deliver high‑quality installs. Example: An advertiser agrees to pay $2.50 for every install of its mobile game. Practical application: Monitoring CPI metrics alongside LTV (lifetime value) to ensure profitability. Challenges: Fraudulent installs artificially lower CPI performance, masking the true cost of acquiring genuine users.
Device ID – Concept #
A unique identifier assigned to a mobile device, used for tracking and attribution. Related terms: IDFA, GAID, advertising identifier, device fingerprint. Explanation: On iOS, the Identifier for Advertisers (IDFA) serves this purpose; on Android, the Google Advertising ID (GAID) is used. Example: An attribution SDK reads the GAID to associate a click with a subsequent install. Practical application: Respecting user consent preferences when accessing Device IDs is essential for compliance. Challenges: Platform restrictions (e.g., iOS 14+ privacy changes) limit IDFA availability, increasing reliance on probabilistic matching, which can be exploited by fraudsters.
Fake Install – Concept #
An install event generated without a real user downloading or opening the app. Related terms: Install fraud, synthetic installs, ghost installs. Explanation: Fake installs are produced by bots, SDK spoofing, or click injection, inflating install counts without delivering actual users. Example: A bot simulates a device download process, reporting a successful install to the attribution server. Practical application: Cross‑checking install data with post‑install activity (e.g., session length) helps flag fake installs. Challenges: Sophisticated fraud can generate plausible post‑install signals, making detection harder.
Fraud Detection Platform – Concept #
A technology solution that monitors, analyzes, and flags suspicious advertising activity. Related terms: Anti‑fraud engine, anomaly detection, real‑time monitoring. Explanation: These platforms ingest raw click, install, and impression data, applying machine‑learning models and rule‑based checks to identify anomalies. Example: A platform flags a sudden spike in installs from a single IP range as potential fraud. Practical application: Integrating the platform’s APIs with campaign dashboards for immediate alerts. Challenges: Balancing false‑positive rates against detection sensitivity, and adapting models to new fraud tactics.
Geofencing – Concept #
A location‑based targeting method that serves ads to users within a defined geographic boundary. Related terms: Location targeting, geo‑targeting, GPS‑based ads. Explanation: Advertisers use geofencing to reach users near physical stores or events. Example: A retailer runs a mobile ad campaign targeting users within a 5‑km radius of a new store opening. Practical application: Combining geofencing with device‑level security checks can reduce location‑spoofing fraud. Challenges: Fraudsters can spoof GPS coordinates, leading to invalid impressions and wasted spend.
In‑App Advertising – Concept #
The delivery of ads within a mobile application’s user interface. Related terms: Interstitial ads, rewarded video, native ads. Explanation: In‑app ads can be displayed as banners, full‑screen interstitials, or rewarded videos that grant in‑app benefits. Example: A puzzle game shows a rewarded video ad that gives the player extra lives upon completion. Practical application: Implementing viewability checks ensures ads are actually seen, mitigating impression fraud. Challenges: Hidden or background ad rendering can generate non‑viewable impressions, which are often exploited by fraud networks.
Invalid Traffic (IVT) – Concept #
Non‑human or low‑quality traffic that does not represent genuine user engagement. Related terms: Bot traffic, click spam, impression fraud. Explanation: IVT includes bot‑generated clicks, clicks from click farms, and any activity that violates advertising policies. Example: An ad campaign receives a surge of impressions from IP addresses belonging to known data‑center ranges, flagged as IVT. Practical application: Filtering IVT at the ad network level preserves advertiser budgets. Challenges: Distinguishing high‑quality human traffic from sophisticated bots requires continuous model refinement.
Key Fraud – Concept #
Manipulation of cryptographic keys or security credentials to spoof legitimate ad interactions. Related terms: SDK tampering, certificate spoofing, signature fraud. Explanation: Fraudsters may replace legitimate SDK keys with counterfeit ones, allowing them to send fabricated events that appear authentic. Example: A malicious developer injects a fake ad SDK key into an app, enabling it to report installs that never occurred. Practical application: Enforcing key verification and certificate pinning in SDK integration. Challenges: Attackers can reverse‑engineer key structures, necessitating frequent key rotation and robust validation.
LTV (Lifetime Value) – Concept #
The projected revenue a user will generate over the entire period they engage with an app. Related terms: ARPU, churn rate, ROI. Explanation: LTV helps advertisers assess whether the cost of acquiring a user (e.g., CPI) is justified. Example: An app calculates an average LTV of $8 per user, indicating a $2 CPI campaign is profitable. Practical application: Aligning acquisition bids with expected LTV improves campaign efficiency. Challenges: Fraudulent installs distort LTV calculations, as fake users generate no subsequent revenue.
Mobile Attribution – Concept #
The specialized process of linking mobile ad interactions to downstream actions such as installs or purchases. Related terms: Attribution SDK, post‑install tracking, deep linking. Explanation: Mobile attribution relies on device identifiers, probabilistic matching, and server‑side validation to map clicks to installs. Example: An advertiser uses Adjust or AppsFlyer SDKs to capture install callbacks after a user clicks an ad. Practical application: Leveraging deferred deep linking enables seamless onboarding for users arriving from ads. Challenges: Privacy changes (e.g., ATT) limit identifier availability, increasing reliance on probabilistic models that are vulnerable to manipulation.
Network Fraud – Concept #
Fraudulent activity that originates from the ad supply side, often involving compromised ad exchanges or SSPs. Related terms: Supply‑side fraud, ad exchange spoofing, inventory fraud. Explanation: Network fraud can include the sale of non‑existent inventory, duplication of legitimate impressions, or the insertion of malicious code into ad tags. Example: An SSP inadvertently serves ads from a rogue network that injects hidden click pixels. Practical application: Vetting supply partners and employing tag verification tools mitigate network fraud risk. Challenges: Complex supply chains and real‑time bidding environments obscure the provenance of each impression.
Open Bidding – Concept #
A programmatic buying method where multiple demand sources bid simultaneously on a single impression in real time. Related terms: Header bidding, real‑time bidding (RTB), demand‑side platform (DSP). Explanation: Open bidding increases competition for inventory, potentially raising revenue for publishers. Example: An app integrates an open‑bidding wrapper that forwards each ad request to several DSPs before rendering the winning ad. Practical application: Monitoring latency and bid quality helps ensure open bidding does not introduce fraudulent low‑ball bids. Challenges: Fraudsters can submit fake bids to inflate win rates, skewing revenue distribution.
Pixel Fraud – Concept #
The use of invisible 1×1 pixel images or tracking tags to generate fraudulent impressions or clicks. Related terms: Pixel stuffing, hidden pixels, impression spoofing. Explanation: By loading a pixel in a hidden iframe, malicious actors can claim an impression without the user seeing the ad. Example: A rogue ad network embeds a 1×1 pixel on a webpage that loads silently, reporting a viewable impression to the advertiser. Practical application: Enforcing viewability standards that require a minimum percentage of ad area to be on‑screen for a defined duration. Challenges: Detecting hidden pixels requires deep inspection of page DOM and network requests.
Post‑Install Attribution – Concept #
The process of attributing in‑app events (e.g., purchases) back to the original ad click that led to the install. Related terms: In‑app event tracking, deep linking, conversion lift. Explanation: After an install, the attribution SDK continues to collect events and ties them to the original click ID. Example: A user clicks an ad, installs the app, and later makes a purchase; the purchase is credited to the original click. Practical application: Calculating post‑install ROI helps optimize campaigns toward high‑value users. Challenges: Click injection and delayed click windows can cause false attribution of post‑install revenue.
Privacy Sandbox – Concept #
An initiative by platform providers (e.g., Google) to replace device identifiers with aggregated, privacy‑preserving alternatives. Related terms: FLEDGE, TURTLEDOVE, privacy‑preserving advertising. Explanation: The sandbox aims to enable interest‑based targeting without exposing individual identifiers. Example: Android’s Privacy Sandbox introduces a conversion measurement API that reports aggregated install data without revealing user‑level IDs. Practical application: Advertisers adapt to sandbox metrics by focusing on cohort performance rather than individual attribution. Challenges: Fraudsters may exploit the reduced granularity to mask fraudulent activity behind aggregated data.
Programmatic Advertising – Concept #
Automated buying and selling of ad inventory through real‑time bidding platforms. Related terms: DSP, SSP, ad exchange. Explanation: Programmatic workflows streamline ad placement, allowing advertisers to target audiences at scale. Example: An advertiser sets up a DSP campaign that bids on ad impressions across multiple mobile apps. Practical application: Programmatic controls enable frequency capping and budget pacing. Challenges: The speed of programmatic auctions provides an opportunity for fraudsters to inject low‑quality bids or manipulate bid responses.
Quality Score – Concept #
A metric used by ad platforms to evaluate the relevance and performance of an ad placement. Related terms: Ad relevance, click‑through rate (CTR), viewability. Explanation: Higher quality scores can reduce cost per impression and improve ad placement priority. Example: An ad with a high CTR and low bounce rate receives a better quality score, resulting in lower CPM. Practical application: Monitoring quality scores helps identify potential fraud, as sudden drops may indicate non‑human traffic. Challenges: Fraudulent clicks can artificially inflate CTR, misleading quality assessments.
SDK (Software Development Kit) – Concept #
A collection of tools, libraries, and documentation that developers integrate into apps to enable functionality such as analytics, ad serving, or attribution. Related terms: API, integration, library. Explanation: In mobile ad fraud, SDKs can be vectors for malicious code insertion or data manipulation. Example: An app integrates an attribution SDK that reports install events to a third‑party server. Practical application: Performing security reviews of SDKs and employing runtime integrity checks reduce risk. Challenges: Frequent SDK updates and third‑party dependencies increase the attack surface for fraud actors.
Server‑Side Verification (SSV) – Concept #
A method where the ad network sends install or conversion data directly to the advertiser’s server, bypassing client‑side SDKs. Related terms: Post‑back, webhook, server‑to‑server callback. Explanation: SSV provides a more tamper‑resistant data path, helping to validate the authenticity of install events. Example: After a user installs an app, the ad network posts a verification payload to the advertiser’s endpoint, confirming the install. Practical application: Combining SSV with client‑side SDK data creates a dual‑validation system. Challenges: Fraudsters may still manipulate server responses or spoof SSV payloads, requiring cryptographic signatures.
Session Length – Concept #
The duration of a user’s interaction with an app during a single session. Related terms: Engagement metric, dwell time, active usage. Explanation: Session length is a quality indicator; unusually short sessions after install may suggest fraudulent installs. Example: A newly installed app records an average session length of 2 seconds, far below the industry norm. Practical application: Setting minimum session thresholds helps filter out low‑quality installs. Challenges: Some legitimate users may have brief sessions, so thresholds must be calibrated to avoid false positives.
Simulated Device – Concept #
A virtual environment that mimics the behavior of a real mobile device, often used in testing or fraud. Related terms: Emulator, sandbox, virtual device farm. Explanation: Fraudsters use simulated devices to generate large volumes of fake installs without needing physical hardware. Example: A cloud‑based Android emulator runs scripts that simulate app downloads and installations. Practical application: Detecting emulator signatures (e.g., default device model, lack of sensor data) assists in fraud mitigation. Challenges: Advanced emulators can spoof hardware identifiers, making detection more complex.
Supply‑Side Platform (SSP) – Concept #
A technology platform that enables publishers to manage and sell their ad inventory programmatically. Related terms: Ad exchange, header bidding, inventory management. Explanation: SSPs expose inventory to multiple demand sources, optimizing yield for publishers. Example: A mobile game integrates an SSP to expose its rewarded video inventory to several DSPs. Practical application: Using SSP filters to block known fraudulent demand sources improves inventory quality. Challenges: SSPs must balance openness with the need to protect publishers from low‑quality or fraudulent bids.
Tag Injection – Concept #
The unauthorized insertion of ad tags or scripts into an app or webpage to generate fraudulent impressions or clicks. Related terms: Malicious script, ad tag spoofing, code injection. Explanation: Attackers compromise the app’s codebase or use dynamic loading to insert extra tags that report false events. Example: A compromised SDK adds a hidden banner tag that fires an impression every minute, regardless of user visibility. Practical application: Conducting static code analysis and runtime monitoring can detect unexpected tag loading. Challenges: Dynamic loading techniques can evade static scans, requiring behavioral monitoring.
Touch Attribution – Concept #
Attribution that relies on user touch events (e.g., screen taps) to validate that a click was a genuine interaction. Related terms: Touch verification, gesture analysis, interaction validation. Explanation: By capturing touch coordinates, pressure, and timing, platforms can differentiate real clicks from programmatic ones. Example: An SDK records the exact touch event that initiated a click, linking it to the subsequent install. Practical application: Touch data enriches fraud models, reducing false attribution from click injection. Challenges: Privacy policies may restrict collection of detailed touch data, limiting its use.
Uninstall Rate – Concept #
The percentage of users who remove an app within a defined period after installation. Related terms: Churn, retention, stickiness. Explanation: A high uninstall rate can indicate low‑quality traffic, possibly stemming from fraudulent installs. Example: A campaign shows a 45% uninstall rate within 24 hours, well above the industry average of 15%. Practical application: Monitoring uninstall trends helps flag suspicious acquisition sources. Challenges: Some legitimate campaigns (e.g., promotional offers) naturally have higher churn, requiring nuanced interpretation.
Viewability – Concept #
A metric that determines whether an ad was actually visible to the user for a minimum amount of time. Related terms: Impression verification, above‑the‑fold, in‑view time. Explanation: Industry standards (e.g., 50% of ad pixels in view for at least 1 second) define a viewable impression. Example: An ad served in a scrollable feed is considered viewable if at least half of its area is on screen for one second. Practical application: Enforcing viewability thresholds prevents paying for non‑viewable impressions, a common fraud vector. Challenges: Fraudsters may use hidden iframes or CSS tricks to fake viewability signals.
Waterfall Mediation – Concept #
A sequential method of serving ads where the highest‑paying ad network is tried first, then the next, and so on. Related terms: Priority mediation, ad network hierarchy, fallback. Explanation: Waterfall mediation can lead to latency and may expose publishers to inventory that is less vetted. Example: An app’s mediation stack lists Network A (highest CPM) first; if Network A has no fill, the request falls back to Network B. Practical application: Regularly auditing each tier for fraud risk ensures quality across the waterfall. Challenges: Fraudulent networks may infiltrate lower tiers, delivering low‑quality impressions that still generate revenue.
Zero‑Click Install – Concept #
An install that occurs without the user explicitly clicking an ad, often through auto‑install mechanisms or pre‑installed bundles. Related terms: Auto‑install, silent install, background install. Explanation: Zero‑click installs can be legitimate (e.g., carrier pre‑loads) or malicious, where apps silently install other apps. Example: A malicious app leverages device management APIs to silently install a secondary app without user interaction. Practical application: Monitoring for installs lacking click attribution helps detect suspicious behavior. Challenges: Distinguishing legitimate carrier‑initiated installs from fraudulent auto‑installs requires contextual data.
Ad Verification – Concept #
The process of ensuring that ads are served according to campaign specifications, free from fraud, and viewable. Related terms: Fraud detection, viewability measurement, brand safety. Explanation: Verification services scan ad creatives, monitor placement, and validate metrics against agreed standards. Example: A verification vendor reports that 12% of impressions for a campaign were non‑viewable. Practical application: Using verification reports to adjust media buying and to dispute fraudulent charges. Challenges: Sophisticated fraud can mimic compliant behavior, making verification a constant cat‑and‑mouse game.
Bid Shading – Concept #
A pricing strategy where demand sources submit bids slightly below the highest competing price to win inventory at a lower cost. Related terms: Second‑price auction, bid optimization, price shading. Explanation: While bid shading can reduce CPM, it may also encourage low‑ball bidding that attracts fraudulent inventory. Example: A DSP employs bid shading to win impressions at 0.9× the second‑highest bid. Practical application: Monitoring win‑rate versus cost efficiency helps assess the impact of shading on ad quality. Challenges: Fraud networks may exploit shading by offering artificially low bids to capture high‑value inventory.
Click‑Through Rate (CTR) – Concept #
The ratio of clicks to impressions, expressed as a percentage. Related terms: Engagement metric, click ratio, performance indicator. Explanation: CTR gauges ad effectiveness; unusually high CTRs may signal click fraud. Example: An ad unit reports a 15% CTR, far above the typical 1–2% range for similar placements. Practical application: Setting CTR thresholds alerts advertisers to potential anomalies. Challenges: Click farms can generate high CTRs that appear legitimate, necessitating deeper analysis of click quality.
Conversion Lift – Concept #
The incremental increase in conversions attributable to a specific advertising effort, measured against a control group. Related terms: Incrementality testing, A/B testing, lift analysis. Explanation: Lift studies isolate the true impact of ads, helping to separate genuine conversions from those that would have occurred organically. Example: A campaign shows a 20% lift in installs compared to a non‑exposed control cohort. Practical application: Using lift results to allocate budget toward high‑impact channels. Challenges: Fraudulent installs can inflate lift calculations if not properly filtered, leading to overestimation of campaign effectiveness.
Deep Linking – Concept #
A URL that directs a user to a specific location within a mobile app, often after an ad click. Related terms: Deferred deep link, app link, URI scheme. Explanation: Deep links improve user experience by bypassing the app’s home screen and landing the user directly on relevant content. Example: A user clicks an ad for a product, and the deep link opens the app’s product page after install. Practical application: Tracking deep link performance helps assess the quality of post‑click engagement. Challenges: Fraudsters may use deep links to mask click injection, as the app can appear to open directly from the ad.
Demand‑Side Platform (DSP) – Concept #
A technology platform that allows advertisers to buy inventory programmatically across multiple ad exchanges. Related terms: RTB, programmatic buying, media buying platform. Explanation: DSPs evaluate bid requests, apply targeting criteria, and submit bids in real time. Example: An advertiser uses a DSP to run CPI campaigns targeting high‑value users in Europe. Practical application: Configuring fraud filters within the DSP reduces exposure to low‑quality inventory. Challenges: DSPs must balance speed with thoroughness, as rapid bid responses can limit the depth of fraud checks.
Event Flooding – Concept #
The generation of excessive in‑app events (e.g., purchases, level completions) to artificially boost performance metrics. Related terms: Event spoofing, metric manipulation, fake revenue. Explanation: Fraudsters script repetitive events that are recorded as genuine interactions, inflating LTV or revenue reports. Example: A bot repeatedly triggers an in‑app purchase event, reporting thousands of purchases in a short time. Practical application: Setting thresholds for event frequency and cross‑checking with payment processor data helps detect flooding. Challenges: Legitimate high‑engagement users may produce many events, requiring careful baseline modeling.
Fraudulent Publisher – Concept #
A publisher that knowingly supplies low‑quality or fabricated inventory to generate revenue. Related terms: Supply‑side fraud, inventory spoofing, black‑hat publisher. Explanation: These publishers may embed hidden ads, use bots, or sell the same impression multiple times. Example: A publisher runs a background service that fires invisible ad impressions while the device screen is off. Practical application: Conducting publisher audits and using third‑party verification reduces reliance on fraudulent sources. Challenges: Fraudulent publishers often operate under false identities, making detection and enforcement difficult.
Geo‑Masking – Concept #
The practice of disguising the true geographic origin of traffic by routing requests through proxy servers. Related terms: IP spoofing, location spoofing, VPN fraud. Explanation: Fraudsters use geo‑masking to make traffic appear as if it originates from high‑value regions, inflating CPM rates. Example: A botnet routes clicks through servers in the United States while physically operating from elsewhere. Practical application: Analyzing IP reputation and latency patterns can uncover masked traffic. Challenges: Advanced proxies and residential VPNs can mimic legitimate user behavior, complicating detection.
Header Bidding – Concept #
A programmatic technique where publishers solicit bids from multiple demand sources before calling the ad server, allowing all bidders to compete simultaneously. Related terms: Open bidding, pre‑bid, client‑side auction. Explanation: Header bidding can increase competition and yield higher revenue for publishers. Example: A publisher implements a header bidding wrapper that collects bids from several DSPs before rendering the winning ad. Practical application: Monitoring latency and bid quality ensures the header bidding process does not introduce low‑quality impressions. Challenges: Fraudulent bidders may submit artificially high bids to win inventory, later delivering non‑viewable or fraudulent impressions.
Impression Fraud – Concept #
The generation of fake ad impressions that do not represent a real user viewing an ad. Related terms: Pixel stuffing, hidden iframe, viewability fraud. Explanation: Fraudsters manipulate the ad tag or use invisible pixels to report impressions without actual display. Example: A malicious ad tag loads a 1×1 pixel that registers as an impression while the user never sees the ad. Practical application: Enforcing viewability standards and employing impression verification services help mitigate this fraud. Challenges: Sophisticated techniques can pass standard viewability checks, requiring deeper content analysis.
Incentivized Install – Concept #
An acquisition method where users receive a reward (e.g., in‑app currency) for installing an app. Related terms: Rewarded video, incentivized traffic, offerwall. Explanation: While incentivized installs can boost acquisition numbers, they may attract low‑quality users focused on the reward rather than app value. Example: A user watches a rewarded video ad and receives 100 coins in a game after installing the advertised app. Practical application: Monitoring post‑install engagement and LTV helps determine the true value of incentivized traffic. Challenges: Fraudsters often exploit incentivized offers by automating installs to harvest rewards, inflating install counts.
Install Referrer – Concept #
A parameter passed from the Play Store (or App Store) to an app after installation, indicating the source of the install. Related terms: Referral data, attribution token, campaign identifier. Explanation: The referrer string can contain campaign IDs, click timestamps, and other metadata used for attribution. Example: An app reads the install referrer to attribute the install to a specific ad campaign. Practical application: Validating referrer integrity helps prevent spoofed install data. Challenges: Click injection can alter referrer values after the fact, making attribution unreliable without additional verification.
Invalid Install – Concept #
An install that fails to meet quality criteria, often due to fraud, resulting in no real user engagement. Related terms: Fake install, fraudulent install, low‑quality install. Explanation: Invalid installs may be generated by bots, click farms, or SDK tampering and do not contribute to app usage. Example: An install record shows zero session time and immediate uninstall, indicating an invalid install. Practical application: Filtering invalid installs before calculating CPI ensures accurate spend efficiency. Challenges: Distinguishing borderline cases (e.g., short sessions) from genuine low‑engagement users requires nuanced modeling.
Key Performance Indicator (KPI) – Concept #
A measurable value that demonstrates how effectively a campaign is achieving its objectives. Related terms: Metric, benchmark, performance target. Explanation: In mobile ad campaigns, common KPIs include CPI, CPA, LTV, CTR, and retention rates. Example: An advertiser sets a KPI of achieving a CPI below $3 while maintaining an LTV of $8. Practical application: Regular KPI reviews help identify drift caused by fraud or market changes. Challenges: Fraudulent activity can distort KPI data, leading to misguided strategic decisions.
Latency – Concept #
The time delay between an ad request and the delivery of an ad creative. Related terms: Response time, round‑trip time, ad load latency. Explanation: High latency can degrade user experience and increase viewability fraud risk, as ads may load after the user has scrolled past. Example: An ad request takes 2 seconds before the creative is rendered, causing the ad to be off‑screen. Practical application: Monitoring latency metrics helps optimize ad serving pipelines. Challenges: Fraud networks may intentionally delay responses to hide non‑viewable impressions.
Link Shortener – Concept #
A service that creates a shortened URL that redirects to a longer destination, often used in ad campaigns. Related terms: URL redirection, tracking link, deep link wrapper. Explanation: Shorteners simplify link sharing and can embed tracking parameters. Example: An advertiser uses a short URL to route users through a click‑tracking server before reaching the app store. Practical application: Validating the final destination of shortened links prevents malicious redirects. Challenges: Fraudsters may use shorteners to obscure malicious payloads or to hide click injection pathways.
Native Advertising – Concept #
Ads that match the look, feel, and function of the surrounding content, providing a seamless user experience. Related terms: Sponsored content, in‑feed ads, content‑aligned ads. Explanation: Native ads can appear as articles, list items, or recommendation widgets within an app. Example: A news app displays a sponsored article that mimics editorial content. Practical application: Ensuring clear disclosure of native ads maintains compliance and reduces deceptive practices. Challenges: Fraudsters may embed hidden click areas within native ads, generating invalid clicks while preserving the ad’s visual integrity.
Offerwall – Concept #
A monetization format where users complete tasks (e.g., install apps, watch videos) in exchange for virtual currency. Related terms: Incentivized offers, reward wall, task‑based monetization. Explanation: Offerwalls provide a revenue source for publishers while giving users a way to earn in‑app rewards. Example: A user completes a “install and register” offer to earn 500 coins in a mobile game. Practical application: Monitoring completion rates and post‑install activity helps detect low‑quality or fraudulent offers. Challenges: Fraudsters can automate offer completions, generating high volumes of fake rewards that dilute the value of genuine user engagement.
Pixel Tracking – Concept #
A method of tracking user actions by embedding a tiny image (pixel) that loads from a server, signaling an event. Related terms: Tracking pixel, beacon, server call. Explanation: When the pixel loads, the server records the request, attributing it to a specific user or campaign. Example: After a user clicks an ad, a pixel fires to log the click event. Practical application: Combining pixel data with SDK events provides redundancy for attribution. Challenges: Fraudsters may fire pixels programmatically without real user interaction, creating false impressions.
Post‑Back URL – Concept #
The endpoint to which an ad network sends conversion data after an install or other event. Related terms: Callback, server‑to‑server post‑back, verification endpoint. Explanation: Post‑backs deliver data such as click ID, install timestamp, and device identifier to the advertiser’s server. Example: An ad network posts a JSON payload to https://advertiser.com/postback after a