What is SDK Spoofing?
How This Works:
In SDK Spoofing, fraudsters add code to an app (the attacker) which later generates simulated ad click, install and engagement signals to an attribution provider on behalf of another app (the victim). When successful, these bots can trick an advertiser into paying for tens or even hundreds of thousands of installs that did not actually occur.
How to Identify SDK Spoofing:
- Look for installs from an SDK version that you haven’t utilized. SDK spoofing bots hide on an attacking app, they will often send clicks and installs from SDK versions other than those used by your apps.
- Keep an eye out for spikes in installs from specific SDK versions. If these install spikes don’t coincide with your release schedule, there is a good likelihood you are being targeted by bots.
- Speak with your attribution provider and ask for a complimentary fraud exposure report.
How to Block SDK Spoofing:
- Avoid measurement solutions that utilize Open Source SDKs. Open Source SDKs are inherently a security breach and are much more exposed to reverse engineering and bot attacks.
- Look for an SDK that has secure communications with their servers. At AppsFlyer, we introduced this security measure in 2014 and have since continuously improved it by adding additional security measures.
- Use a fraud solution that blocks bots. Protect360 automatically blocks bots based on our proprietary bot signature database.
- Most SDK Spoofing bots follow pre-programmed patterns. Protect360’s behavioral anomaly detection automatically blocks non-human behavioral patterns, such as those originating from SDK Spoofing.
The AppsFlyer secure SDK is heavily obfuscated binary and virtually impossible to reverse engineer. AppsFlyer’s SDK, combined with AppsFlyer Protect360, drives highly-efficient prevention of bots and emulated devices. Open source code does not belong in an SDK, where it can put user data at risk.
« Back to Glossary Index