Weeding out organic fraud

By Michel Hayet
Weeding out organic fraud - square

It’s long been established that mobile fraud infects non-organic traffic and drains budgets, but does it also pollute organic traffic?

Fraudsters are drawn by money – no surprises there. But where does this money come from? Well, it comes from paid marketing activities such as  user acquisition where advertisers pay publishers for driving new users to their app.

This mechanism creates an incentive for legitimate media publishers to try and attract users to generate revenue. But it also creates an equally powerful incentive for fraudsters to take a slice of the pie. The higher the CPI and/or marketing budget, the higher the incentive and therefore likelihood of bad actors to surface.

So, the question remains, what incentive exists that encourages fraudsters to target organic traffic? In other words, where is the money?

The incentive behind organic fraud

When it comes to fraudulent organic installs, the discussion will almost exclusively focus on fake organic users. While organic installs can still be hijacked to falsely claim attribution for them, the mere association of attribution credit (legitimate or not) will remove them from the organic fraud discussion. 

In the context of organic activity, where there is no attribution to hijack, only fake installs fit the bill, as fake users can be generated in both organic and non-organic forms.

The only question is: why would they exist in organic form?

Fake users can either be created by a type of malicious software or program, or by a mobile device farm. Both  types are meant to continuously generate user accounts and devices out of thin air. A mobile device farm will do so by constantly refreshing device identifiers for real devices, whereas bots can simulate the devices altogether and simulate fake users.   To generate  fake users at scale, operators will do everything possible to portray a false image of real-user behavior. This manipulation can be achieved either by device emulators or human operators.

To understand the reasoning behind creating fraudulent organic installs, we must first realize that it is very likely meant to “service” the fraudster’s greater cause as mentioned above.

Device laundering 

Fraudsters are no strangers to the online advertising landscape. More often than not, they even come  from within the industry itself. Their operation will come into existence once a loophole or weakness is identified for possible exploitation.

One scenario for creating fake organic users could be driven by the fraudster’s familiarity with anti-fraud solution functionality. 

Some solutions in the market take into consideration the aspect of “new devices” in a media source’s traffic as part of their fraud identification parameters. 

Fraudsters run numerous tests to try and reverse engineer detected algorithms. They’re also aware of the fact that the majority of anti-fraud solutions don’t analyze organic traffic under the misconception that fraud doesn’t exist there.

Referring to previous posts, a misconception on one end is an opportunity for the fraud operator on the other end.

By artificially generating fake organic users under newly-created device IDs, the fraudster basically legitimizes that new device, as its identifiers are now familiar to the anti-fraud algorithm and will therefore not fall under the definition of a “new device” or a “new user”.

This means that once the fake user or device registers an organic install, they’re basically free to go ahead and create non-organic installs without being detected as fraudulent by most anti-fraud solutions.

With 38% of organic installs detected as fraudulent in December 2021, the business impact of such activity is very big.

Remember, for the fraudster, money is not wasted; fake users cost almost nothing to generate (especially when the operation is functioning at scale). These organic users may not generate immediate CPI revenue for the fraudster, but will rather be “sacrificed” in an effort to be recognized as a legitimate device/user for future fraudulent activities. 

Complimentary organic growth

A well-established scenario in the world of user acquisition is when a campaign is successful and non-organic installs grow in numbers, so do the numbers for organic installs.

As stated earlier, fraudsters are well aware of this and they aim to create a holistic experience that mimics a successful campaign. This includes throwing fake organic users into the mix to complement the non-organic growth.

These organic users offer double the value – they not only contribute to the overall “real” feeling of the fraudster’s operation, but they can also be displayed as alleged proof for the fraud activity’s legitimacy should the operator be confronted with fraud claims from the advertiser.

While many tend to brush aside the possibility of organic fraud, AppsFlyer recorded a steady increase of over 37% in detected organic fraudulent installs over the past six months.

Product impact

Organic user misconceptions not only damage an app developer’s user acquisition efforts, but may also have a dramatic impact on the app’s functionality itself.

Organic users are widely considered to be an app’s best users, as users who were organically drawn to download and use the app on their own volition, without any ad to “convince” them. They really do want to use the app for whatever intention it was created.

This leads app developers to base the majority of their app optimization decisions on the behavioral data recorded from this set of users. These optimizations can range from how the app is presented, through its user experience, to its core offering and functionality.


The marketer’s field guide to mobile ad fraud

Learn more

Keeping an open eye

Fraudulent activity is highly likely to exist at any point where money can be made. The falsified assumption that fraud doesn’t exist is a considerable first step in confirming its current or future existence.

AppsFlyer Protect360 anti-fraud solution will now also show where fraudulent activity exists in our advertisers’ organic installs. This is yet another innovative step in our ongoing effort to leave nothing to chance in the continuous battle against fraud in our ecosystem.

Michel Hayet

A former digital entrepreneur, Michel has experienced all aspects of the mobile marketing ecosystem. Studying the intricacies of the digital advertising space, Michel explores technology innovations surrounding mobile ad fraud, predictive analytics, and various tech-stack solutions that make mobile marketing safer and more efficient.

Follow Michel Hayet

Ready to start making good choices?