SDK spoofing

SDK spoofing if a type of mobile ad fraud where criminals fake installs and in-app events on real devices.

What is SDK spoofing?

SDK spoofing (otherwise known as SDK hacking) is a type of bot-based fraud, often executed by malware hidden on an app. 

How SDK spoofing works:

With this technique, fraudsters add code to an app which later generates simulated ad click, install, and other engagement signals to an attribution provider on behalf of another app.

When successful, this can trick an advertiser into paying for tens or even hundreds of thousands of installs that did not actually occur.

How to identify when an SDK was hacked:

  • Look for installs from an SDK version that you haven’t utilized – bots hide on an attacking app and will often send clicks and installs from SDK versions other than those used by your apps
  • Keep an eye out for spikes in installs from specific SDK versions because if these install spikes don’t coincide with your release schedule, there is a good likelihood you are being targeted by bots
  • Speak with your attribution provider and ask for a complimentary fraud exposure report

How to block this type of fraud:

  • Avoid measurement solutions that utilize Open Source SDKs because they are inherently a security breach and are much more exposed to reverse engineering and bot attacks.
  • Look for an SDK that has secure communications with their servers
  • Use a fraud solution that blocks bots
  • Search for a solution that has behavioral anomaly detection and that can automatically blocks non-human behavioral patterns, such as those originating from SDK hacking

Get the latest marketing news and expert insights delivered to your inbox