What is fraud in the mobile industry?

The mobile sector of CPI is very simple and yet very complex. It’s simple because it’s based on a very clear and simple concept: the client pays for each installation you generate from their app. It is complicated because of all of actors involved in it.

Before we start talking about fraud, let’s clear up these concepts:


“Cost Per Download,” something that can only measure the “store” downloads (Google Play, iTunes…), but doesn’t allow you to know who has generated the downloads or where they come from.


“Cost Per Installation”, making an installation is when an App is opened for the first time on a particular mobile device.


“Cost Per Engagement” is a step further and it’s when a specific action within the installed app is done, such as finishing the first level of a game.

I would like to emphasise that in this article we’re not talking about the quality of the installations (which involves CPE), but only if the installation is correct and valid or when it isn’t. Therefore it’s important that campaigns make it clear whether they are CPE or CPI and explain that the conversion flow for the App just has to be opened or if there is some type of engagement needed later in the App.

From here on we’ll tell you about the simplest and most complex situations. For this I recommend you look at the post about the life cycle of the offer if you do not know how it works.

The simplest case is when the developer of an App gives you a URL with a tracker. When clicked, this link synchronises all the information the moment the installation is made. The tracker decides if the installation that was made is a valid one or not.

Every installation accounted have a set of basic rules: The installation can only be accounted after the first installation of an app on a device. If a user uninstall and reinstall the app, the download only will be counted the first time.

Technologically speaking, the trackers verify a series of unique device identifiers, which leaves it in the tracker’s hands to decide whether the installation is successful or not.

For this reason, there are trackers used by companies that certify the installation and other events.

Only a tracker is able to decide if an installation is valid or not. Not other external service can decide. The tracker system reflects whether or not the installation is valid.

So far we’ve only spoken of the instillations and not of the clicks on the links that redirect to consumers to the offer. Why? Basically because no matter where the traffic comes from, if it is a click from a machine/server and not from a user, the tracker will not count this as correct of give it any value.

At this point we can add the S2S System (Server-to-Server)/Postback, which sends information between machines only when the installation was successful. With this, companies now know in real time when an instillation is generated/installed and don’t need access to the original reports of the tracker.

If an advertiser left it to another agency to do the promotional work, the agency will receive (through the S2S System) a notification of the tracker, so you know at the exact moment if the install is valid or not and it’s never possible to commit fraud because the tracker, that certifies the install, approved it.

From this moment on we’ll enter the world of rebrokering. When an offer is in line it’s practically available worldwide, and this is where the networks enter the game. Simply put, networks are affiliation platforms that put a level between user-generated installations and agency’s or developers without adding value in the chain. Some of these networks hire external services for the “anti-fraud” fight, but what do these companies analyse? They do not test facility information, they only analyse the information clicks.

If they generate 100 installs, they see the clicks of these 100 facilities (which are valid because the tracker said they are valid and is the only one who can certify it) and if the anti-fraud company believes that the origin of those clicks is not OK, the network does not pay them, although they have been counted as valid (because yes they are). This means that the developer of the App has paid for the installation and if there is an agency, it has also gained an installation, but after the intermediaries do not pay their affiliates.

It makes sense that developers of Apps look in detail at the quality of the facilities, so there are incentivized offers (for those who want volume without looking at the quality facilities) and no incentive (for those who are more concerned with the quality and not volume), but it is your job to decide the price of the CPI offers based on your acquisition cost and the work with these metrics.

3 replies
    • Javier Casares
      Javier Casares says:

      An installation is made when inside the App, a tracker SDK analyze the unique ID from the Device, so the device is real and is not rooted, and not virtual. So only in that case the installation is checked and valid. A click can be generated by machines, or by anybody. So, analyze the click could go via proxies or anything. This is the reason that if a Tracker says that an installation is valid the installation is valid and could not be fraud, because is the main reason that trackers exists.

      So, if a tracker says an installation is made, then, the installation could not be fraud.


Trackbacks & Pingbacks

  1. […] you notice a very big discrepancy in numbers do not hesitate to ask your 3rd party tracker, who is the certified authority to determine valid installations, or ask your Geenapp’s account […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *