What are Bots in Relation to Mobile Fraud? | AppsFlyer


What are Bots?

Mobile fraud bots often run on servers, simulating specific tasks such as ad clicks, installs and in-app engagement while masquerading as legitimate users.

Another form of bot is malware located on a user’s device. This malware attempts to generate fake ad impressions, fraudulent clicks and in-app engagement.


How this Works:

Server-based bots operate through emulators (software that simulates a device), mimicking an active user’s behavior: interacting with ads, completing app installation funnels and, in some cases, reaching as far as a deep in-app event. These programs constantly refresh their metadata and observe and learn user behavior patterns, which they later apply in their own activity to stay under the radar of fraud protection solutions.

IP blacklisting is often applied to block server-based bots. However, fraudsters have learned to better hide their activity behind fresh, non-blacklisted IPs, which forces constant blacklist updates and advanced solutions for fraudulent IP detection.

Device-based bots could use a tactic called SDK Spoofing, in which App A will try to impersonate App B, sending false click, install and in-app event reports on behalf of App B.

Apps with open-source SDKs, or ones with weak security measures, are more likely to suffer from such attacks, as their SDK is easy to breach and mimic.


How bots work


How to Block Mobile Fraud Bots:

Open source SDKs are the easiest to unpack and simulate, and are therefore more exposed to fraud from varied bot attacks.

  1. SDK security measures, such as hashing or unique tokens, help block bot activity in real time. Using the latest SDK version of your attribution provider ensures that you have the latest security updates and keep pace with known bot tactics.
  2. Bot signatures: Protect360 maintains a real-time bot signature database and automatically blacklists and blocks all activity from known signatures.
  3. Behavioral anomalies: high densities of installs that follow identical or programmatic, non-human behavioral patterns. Protect360 applies a proprietary behavioral anomaly detection solution, automatically blocking sources generating such non-human traffic.
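
The first measure above, shown as an added example (this is not AppsFlyer's SDK protocol or code): a server-side check that accepts a click, install or in-app report only if it carries a valid HMAC over its fields and a nonce that has not been used before. The key, field names, app ID and freshness window are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Hypothetical per-app secret (constructed); real keys belong in a secrets manager.
APP_KEYS = {"com.example.appb": b"constructed-demo-key"}
MAX_SKEW_SECONDS = 300   # assumed freshness window
SEEN_NONCES = set()      # in-memory replay cache, for illustration only


def canonical(event):
    """Serialize the signed fields deterministically so both sides hash the same bytes."""
    fields = ("app_id", "device_id", "event", "ts", "nonce")
    return json.dumps({k: event[k] for k in fields}, sort_keys=True).encode()


def sign(event, key):
    """Tag that a genuine SDK build holding the key would attach to its report."""
    return hmac.new(key, canonical(event), hashlib.sha256).hexdigest()


def verify(event, now):
    """Return (accepted, reason) for an incoming click/install/in-app report."""
    key = APP_KEYS.get(event.get("app_id"))
    if key is None:
        return False, "unknown_app"
    try:
        expected = sign(event, key)
    except (KeyError, TypeError):
        return False, "missing_field"
    supplied = str(event.get("sig", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad_signature"   # forged report, or fields changed after signing
    if abs(now - event["ts"]) > MAX_SKEW_SECONDS:
        return False, "stale"
    replay_key = (event["app_id"], event["nonce"])
    if replay_key in SEEN_NONCES:
        return False, "replay"          # a previously accepted report sent again
    SEEN_NONCES.add(replay_key)
    return True, "ok"


if __name__ == "__main__":
    report = {"app_id": "com.example.appb", "device_id": "d-1",
              "event": "install", "ts": 1000, "nonce": "n-1"}   # constructed sample
    report["sig"] = sign(report, APP_KEYS["com.example.appb"])
    print(verify(report, now=1010))                        # genuine report
    print(verify(dict(report, event="purchase"), 1010))    # field changed after signing
    print(verify(report, now=1020))                        # same report replayed
```

The check only holds while the signing key stays out of reach of the impersonating app, which is why the page pairs this measure with SDK hardening and with signature and behavioral detection.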


Why AppsFlyer:

The AppsFlyer secure SDK is a heavily obfuscated binary and is virtually impossible to reverse engineer. AppsFlyer’s SDK, combined with Protect360, drives highly efficient prevention of bots and emulated devices.

