Active Fraud Insights

The Most Advanced Fraud Detection Platform In The World

Mobile fraud is a serious and growing concern, impacting marketers across every region, vertical and app platform. Since 2011, the team at AppsFlyer have worked hand in hand with the world’s largest brands to actively combat mobile fraud. Robust fraud protection requires a multi-layered approach, utilizing a mix of technologies that actively block known fraud (fraud prevention), as well as robust after-the-fact detection. Our Active Fraud Suite delivers the world’s most comprehensive real-time anti-fraud protection. Active Fraud Insights takes this even further, providing the industry’s most advanced fraud detection platform.

Best-in-Class Fraud Detection: because prevention isn’t always enough

The state-of-the-art in automated, real-time fraud prevention is not bulletproof. Savvy fraudsters often use a variety of tactics to fool even the most advanced fraud prevention solutions. For example, over the last two years we have seen fraudsters developing smarter bots, enabling Limit Ad Tracking to hide their deviceIDs, adapting to blacklisted IP addresses, resetting deviceIDs between installs on real devices and even developing advanced malware that injects clicks during the install process.

Active Fraud Insights is the most advanced fraud detection platform in the industry, delivering a comprehensive dashboard that reveals not only what activity has been blocked, but when and where likely fraud has occurred. These deep insights allow marketers to take immediate action, eliminating problematic SiteIDs (sub-publishers), as well optimizing media sources, campaigns and even geo-targeting with remarkable speed and precision.


Turning Big Data Into Fast Insight and Real Impact

Deeply experienced data scientists can spend a few days with a massive data set, seeking anomalies that indicate that something fishy has taken place. However, this process is slow, expensive and often involves negotiating with networks weeks or months after an install occurs.

After years of performing this deep, hands-on fraud analysis, we built Active Fraud Insights. Active Fraud Insights takes the hard work out of big-data driven fraud detection, delivering the insights you need to quickly and efficiently identify and address both certain and likely fraud.


Live, Dynamic Filters

The entire Active Fraud Insights dashboard is fully dynamic. Drill down into specific media sources, geographies and custom date ranges to dive deeper into your fraud data. You can even “Group By” Media Source / Campaign,  Site ID (sub-publisher), Geo, Channel and Media Source + Site ID to identify where both fraud and likely fraud is occurring. All filters update the live Active Fraud Insights console, in real-time.

Advanced Distribution Modeling


Click to Install Time (CTIT) is an incredible signal for both fraud prevention and fraud detection. Whereas AppsFlyer’s Active Fraud Suite uses CTIT to block known-fraud in real-time, the Active Fraud Insights console provides marketers with deep insights into their CTIT trends for thorough distribution model-based anomaly detection. Marketers can easily configure the visual to show on a scale of seconds, minutes or even hours, making anomaly detection a quick and easy task.

In a fraud-free world, CTIT distribution models would look like this:

Fraud Free CTIT Distribution

Unreasonably short install times (under a few seconds) indicate install hijacking.

Install Hijacking


Nearly uniform distribution (flat lines) over a number of days indicate click flooding.

Click Flooding

Mobile Install Fraud

This powerful visual displays the distribution of installs based on their DeviceRank™ rating.

  • Install from New Devices
    Large numbers of installs from new devices indicate a DeviceID reset marathon.
  • LAT Installs
    High concentrations of installs with Limit Ad Tracking enabled indicate install fraud.
  • Suspicious Installs
    Large concentrations of devices with suspicious DeviceRank™ ratings indicate fraudulent install traffic.Note: AppsFlyer automatically blocks installs from devices rated as known fraud. Devices with mixed fraud signals are rated as suspicious. High concentrations of installs from these devices is a strong indicator of fraud.
  • Clean Installs
    Analyzing the distribution of clean installs helps to identify top media sources and benchmark others.

“Clean, fraud-free data is the baseline for a strong mobile marketing practice. AppsFlyer’s solutions, from their anti-fraud tools through in-app events and retargeting have a substantial impact on our mobile ROI.”
Doni Nathaniel Pranama, Head of Analytics & Internet Marketing

Install Fraud Detection

Big data analysis for fraud detection used to require a trained data scientist and hours of hard work. Active Fraud Insights simplifies this process, allowing any smart mobile marketers to detect fraud in just minutes.

Install fraud can be perpetrated in a number of ways. The insights below help marketers identify where criminals are hiding, so they can take timely corrective action.

New Device Insights

Your New Device install data is key in identifying DeviceID reset fraud. Sort by the total number of installs from new devices to determine the scope of the DeviceID reset fraud. Next, look at the New Device Install Rate (the ratio of new devices out of total install) to determine the worst offenders. While most media sources or geos will have a relatively low New Device Install Rate, those with the highest rates warrant further investigation.



Once you have found a source perpetrating DeviceID reset fraud, consider changing the filter to Geo, Channel or Media Source + Site ID to dig deeper. Often, there are a few problematic Site IDs (sub-publishers) sending high numbers of new devices. Remember, only pre-install campaigns should have high New Device rates.


Look for campaigns, media sources, geos and Site IDs with high New Device Install Rates and low loyal user rates to identify quick-wins against DeviceID reset fraud.

Limit Ad Tracking Insights

When users enable Limit Ad Tracking (LAT), the operating system hides the installing device’s DeviceID. While this feature was introduced to protect user privacy, fraudsters often try to avoid device-based fraud detection by enabling Limit Ad Tracking. High concentrations of LAT-enabled devices often indicate fraud.

Hiding fraud behind Limit Ad Tracking

Remember to sort by Geo when using this filter, as some regions have higher LAT rates than others. Similarly, look to channels with high clean-install rates for LAT benchmarks.

Discover why the world's leading marketers rely on Active Fraud Insights.

Suspicious Device Insights

The majority of installs from devices with a suspicious DeviceRank™ rating are fraudulent. While not all installs from suspicious devices as fraudulent, high concentrations installs from these devices indicate device-based install fraud. Any campaigns, channels or Geos with a high number of installs from Suspicious Devices or a high concentration of installs from these devices, coupled with low retention rates should be discontinued.

Clean Device Insights

Sources with a high rate of devices rated as clean by DeviceRank™ have a low degree of install fraud. Look for a Media Source, SiteID or Geo with a high number of Clean-Device installs and a high Clean-Device install rate to use a loyalty benchmark.


Install Hijacking

Install hijacking malware inserts clicks while installs occur, effectively “hijacking” the install for their media source.

Install Hijacking – How It Works

How to Detect Install Hijacking

Large numbers of installs or high concentrations of installs with short CTIT indicate which sources are most compromised by install hijacking.

Click Flooding

In click-flooding, criminals send a massive number of clicks, hoping to deliver the last click before an install. High click volume and low conversion rates suggest that clicks are being dramatically over-reported (click-flooding). Similarly, long CTIT times indicate that installs are being attributed to random clicks from a click flood. Lastly, high contributor rates indicate that the source in question is dramatically over-reporting clicks.

Click Flooding – How It Works

How To Detect Click Flooding

The Active Fraud Insights Advantage

  1. BIG Data

    The AppsFlyer Vault (our proprietary anti-fraud database) is over 10x larger than the next largest anti-fraud database. Scaled data coupled with advanced machine learning and AI both block and detect new sources of fraud with remarkable speed.

  2. 100% Unbiased, No Conflicts of Interest

    Whereas many attribution providers generate significant revenues from ad networks and affiliate networks, our only interest is in advertiser performance. We will never offer paid products for ad networks, affiliate networks, a paid partnership program or a DMP/Collective.

  3. Total Transparency

    AppsFlyer pioneered the full raw data report, and continue to offer our marketers total transparency. We have nothing to hide.

  4. Deep Experience Delivers The Insights That Matter

    Active Fraud Insights is built on six years of deep anti-fraud analysis and experience. Get the insights that matter, without the distractions that don’t.

  5. Proprietary data and scoring including DeviceRank™

    Most fraud solutions rely on third-party licensed data. Fraudsters adapt remarkably quickly, and have found ways around these industry-standard databases. We use our own blacklists, distribution analyses and DeviceRank™ ratings, delivering 3x-12x better protection.

What are you waiting for?
Start Measuring With AppsFlyer Today