Breaking old ideas

According to Sensor Tower research, global spending on mobile apps will reach an astounding $270 billion by 2025, becoming a honeypot for fraudsters. Unsurprisingly, they are more motivated than ever to bypass security measures and steal money.

For years, traditional, rules-based anti-fraud solutions have pushed the narrative that real-time blocking of fraudulent traffic was not only the standard operating procedure, but the most effective one as well. Unfortunately, things aren’t as cut and dry as most would like them to be because fraudsters and fraud schemes continue to grow and evolve, becoming more sophisticated by the day.

There’s no denying that real-time blocking is effective in mitigating a few of the most standard fraud risks and helps advertisers uncover and block the most well-known fraud schemes. Unfortunately, fraudsters are well beyond using only well-known patterns.

Fraudsters have upped the ante as they are now employing multilayered fraud schemes, sometimes by mixing a variety of fraud techniques to avoid getting caught in specific metrics like time to install or so-called “out-of-store-downloads.” Not only that, they’ve also dabbled in artificial intelligence, employing self-learning methods and algorithms that make it hard for rules-based systems to detect any sign of abnormal behavior.

As such, the days of rules-based fraud-detection seem to be numbered.

Fraudsters’ modus operandi: Reverse-engineering

Every day, fraud schemes are getting better and better at mimicking authentic user behavior by employing mutating, unstable, and hard-to-make-sense-of properties, making it possible for fraudsters to bypass traditional anti-fraud solutions.

With so much money at stake, it’s easy to see why fraudsters are willing to go to such great lengths, going as far as employing as many tools and channels as possible to reverse-engineer some of the most commonplace anti-fraud techniques. These include:

  • Hacking anti-fraud solutions. Finding vulnerabilities in anti-fraud solutions to get access to algorithms and technologies used for fraud detection.
  • Reverse engineering install rejects. Operational data becomes available to fraudsters, who can view feedback to understand how their fraud scheme was identified and which elements remain undetected.
  • Getting ahold of documentation made publicly available by anti-fraud solutions including white papers, articles, and reports. In good faith, most anti-fraud solutions publish such information in the spirit of being more transparent with clients and prospects, but unfortunately, such useful information can wind up in the hands of criminals.

Most of the time, we can safely assume that rules-based anti-fraud solutions offer real-time blocking under standard presets of fixed thresholds that can be easily reverse-engineered, making it impossible to unveil new or emerging fraud schemes. These fixed thresholds also make it virtually impossible to adjust to newer fraud patterns, in which case, real-time blocking becomes irrelevant.

In short, real-time blocking based on rules-based algorithms is only capable of detecting the most primitive methods of fraud.

How real-time blocking is failing to protect you from fraud

There’s a common phrase that says “if something seems too good to be true, it probably is.” Well, the same applies to real-time blocking.

As stated, rules-based anti-fraud solutions that heavily advertise their real-time blocking capabilities typically depend on a set of predefined, automated rules aimed at identifying only high-profile fraud patterns. This type of approach operates by analyzing only specific data parameters and flagging any data points that stray from what’s considered the normal threshold.

Analyzing millions of install data points in a matter of seconds and providing an accurate answer on the spot would require computational power beyond anything the industry is capable of employing at the moment, so in that sense, effective and accurate real-time blocking is virtually impossible to achieve.

Advertisers would love nothing more than to block all forms of ad fraud in real-time, but within the framework of rules-based anti-fraud, there is such a thing as excessively blocking what may appear to be fraud but is not actually fraud. Rules-based approaches don’t take into account the nature of the source’s traffic, which could lead to a dramatic spike in the level of false positives. That in turn leads clients to falsely reject good traffic and spoils the relationship between them and the ad network source.

If every anomaly were treated as fraud, advertisers may find themselves on a slippery slope that can be misleading and harmful. Normal events such as a server delay or a bug can cause abnormal activity, but that doesn’t mean it’s fraudulent activity.
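The false-positive effect described above, as an added example (not from the original article or any vendor's product): one global time-to-install threshold is compared with a per-source median/MAD baseline on constructed installs. The source names, the 10-second threshold, the cutoff `k` and every sample value are assumptions, and the per-source baseline is a simple statistical stand-in, not the machine-learning approach the article advocates.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (source, click-to-install time in seconds, is_fraud).
# Source names, values and labels are invented for illustration.
INSTALLS = (
    [("net_a", t, False) for t in (45, 60, 52, 70, 48, 65, 58)]
    + [("net_a", t, True) for t in (3, 4)]
    + [("net_b", t, False) for t in (8, 9, 7, 11, 9, 8, 10)]
    + [("net_b", 1, True)]
)

FIXED_MIN_CTIT = 10  # hypothetical global threshold, in seconds


def fixed_rule(installs):
    """Flag every install faster than one global threshold."""
    return [ctit < FIXED_MIN_CTIT for _, ctit, _ in installs]


def per_source_rule(installs, k=3.5):
    """Flag installs far below their own source's median (robust z-score)."""
    by_source = defaultdict(list)
    for source, ctit, _ in installs:
        by_source[source].append(ctit)
    baseline = {}
    for source, values in by_source.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        # 1.4826 scales MAD to a standard deviation; fall back to 1.0 if MAD is 0.
        baseline[source] = (med, 1.4826 * mad or 1.0)
    flags = []
    for source, ctit, _ in installs:
        med, scale = baseline[source]
        flags.append((med - ctit) / scale > k)
    return flags


def confusion(installs, flags):
    """Return (true_positives, false_positives) against the labels."""
    tp = sum(1 for (_, _, fraud), f in zip(installs, flags) if f and fraud)
    fp = sum(1 for (_, _, fraud), f in zip(installs, flags) if f and not fraud)
    return tp, fp


if __name__ == "__main__":
    print("fixed threshold :", confusion(INSTALLS, fixed_rule(INSTALLS)))
    print("per-source base :", confusion(INSTALLS, per_source_rule(INSTALLS)))
```

Both rules catch the same three labelled fraud installs, but the fixed threshold also rejects five legitimate installs from the source whose normal traffic happens to install quickly.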

The number of false positives from real-time blocking can mean that advertisers lose attributed installs, and money, for each one of those false positives. It can also expose them to attribution theft, as fraudsters generate fake clicks and installs from real users through schemes like click injection or click spamming.

Unfortunately, real-time detection and real-time blocking have become so widely advertised that many advertisers fall into the trap of too many false positives, which may end up compromising the quality of their traffic and the integrity of their data. It also makes it impossible to conduct post-install analysis, which is crucial to accurately detect smart types of fraud such as smart bots.

In that sense, the signaling of fraud needs to be more robust than a simple rules-based approach to real-time blocking. Supervised and unsupervised machine learning techniques and algorithms are the only ones capable of detecting new and emerging abnormalities and fraud patterns.


Mobile ad fraud is getting harder to detect each day that passes, and with billions of dollars at stake, the price for advertisers is simply too high.

Scalarr’s Protection Suite is the industry’s most accurate and smart solution that helps detect all fraud types, regardless of complexity. Thanks to its AI-powered engine packed with several layers of machine learning algorithms and neural networks, Protection Suite helps analyze hundreds of millions of data points, growing more sophisticated by the day thanks to its learning capabilities that allow it to spot even the most heavily disguised fraud attacks.

Different machine learning and neural network models work in tandem to produce the most accurate results and give clients visibility of their data, all with the goals of keeping traffic healthy and budgets safe.