The four critical drawbacks of real-time app install ad fraud prevention
1. While real-time analytics is the industry’s generally accepted standard, it doesn’t always work for anti-fraud solutions. The traditional rules-based solutions have to show an attributed install in the dashboard and reports during the first five minutes, which means that the system has only a couple of minutes to make a decision whether an install is fraudulent or not. Such an insufficient time for analysis makes the results much less accurate, which leads to the critical distortion of ROI (Return on Investment) and ROAS (Return on Ad Spend) metrics.
2. The second drawback follows logically from the first. The nature of app install ad fraud is completely different from the RTB impression-based ad fraud. For the maximum accuracy and completeness in app install ad fraud identification, thorough analysis of install clusters in multiple measurement planes is mandatory. And this task becomes impossible for traditional anti-fraud solutions due to the above-mentioned limited time for decision-making, along with an applied rule-based model of fraud identification. So such tools, despite their positioning based on “fraud prevention,” build their anti-fraud solutions on rules which react to every single install. An example of such a solution, which checks every install by a set of rules, might be the following:
a) The given install has a different version in the app store, which differs from the actual installed version. The rules-based solution may consider this as a clear sign of app install fraud, however, this is not necessarily the case.
b) The given install has a TTI (time-to-install) less than 30 seconds. As a rule, this is a sign of fraud for rules-based anti-fraud solutions; however, such a conclusion is always questionable. TTI windows can be very short in many cases without being a fraudulent install (e.g. re-targeting, etc.).
But applying only the conversion analysis to every single install can be extremely inaccurate. Let’s take, for instance, an install with a TTI of 8 hours: can we conclude with certainty that we are dealing with fraud? No, we can’t, since it might be both, a non-fraudulent install and modified click spam.
Or let’s take an install without any post-install activity: here we also can’t make a definitive conclusion, since it might be either a non-fraudulent install, bots or device farms.
3. Another drawback of a “preventive” approach is the irreversibility of its decision. If a decision is made, then it can’t be changed. This problem also prevents the traditional anti-fraud solution from providing a retrospective analysis, which can be extremely helpful in the identification of “shredded traffic” - a tactic of fraudsters designed to hide any sign of fraud.
4. The inability to conduct post-install events analysis. This is one of the most critical flaws of fraud prevention. Precisely the analysis of post-install metrics helps to distinguish a significant volume of different fraud types. As a result, with the fraud prevention approach clients can get a huge number of false positive and false negative decisions in two different ways:
a) Clients get very low completeness of fraud detection (recall). It means that with 10,000 fraudulent installs, the traditional anti-fraud solution will reject about 1,000 fraudulent installs (and will approve 9,000 remaining installs). Along with this, the accuracy (precision) will be quite high. However, in such a format only the most obvious fraud types can be identified, potentially detecting a very small share of the real fraud volume.
b) Clients get a very low accuracy (precision) and an average level of the completeness (recall). That is, out of 10,000 fraudulent installs, the traditional anti-fraud solution will reject about 3,000 fraudulent installs (and will approve 7,000 remaining fraudulent installs). And, at the same time, 3,000 non-fraudulent installs will be also rejected (6,000 - total number of rejected installs). In the given scenario, with a higher level of fraud protection, the true picture of ROI-efficiency during traffic purchases is distorted.