Bots

What are Mobile Fraud Bots?

Mobile fraud bots are one of the fastest growing and most widespread types of mobile fraud. Open source SDKs are the easiest to unpack and simulate, and are therefore more exposed to fraud from bots. 

Bots de fraude assumem duas formas:

  1. Most mobile fraud bots are run off of servers, attempting to simulate the similarly executive specific tasks, such as simulating ad clicks, installs and in-app engagement.
  2. Some bots take the form of device-based malware. This malware attempts to send simulated ad impressions, fraudulent clicks and in-app engagement.

For example, one common device-based bot tactic is SDK Spoofing. In SDK Spoofing, App A will try to impersonate App B, sending false click, install and in-app event reports on behalf of App B. SDK Spoofing is a classic example of a bot that hits marketers using Open Source SDKs far harder than those with stronger security measures, as it is far easier to simulate their clicks, installs and in-app events.

How to block mobile fraud bots:

Mobile fraud bots can be blocked in three ways:

  1. SDK security measures, such as hashing or unique tokens help block bot activity in real-time. Regardless of your attribution provider, using the latest SDK will ensure that you have the latest security updates.
  2. Bot signatures, such as blocking user agents from known simulators and installs with invalid device metadata. The Protect360 team maintains a real-time bot signature database, and automatically blacklists and blocks all fraud from known signatures.
  3. Behavioral anomalies, such as high densities of installs that follow identical or programmatic, non-human behavioral patterns. The Protect360 team has developed our own proprietary behavioral anomaly detection solution, automatically blocking sources sending this non-human traffic.

In the past, IP blacklisting was an effective way to block server-based bots. However, over the last few years, fraudsters have learned to better hide their activity behind fresh, non-blacklisted IPs.