4 Min. Read

Представляем Active Fraud Insights 2.0

Avatar Jon Burg May 22, 2017

Over the last two years, the scale and sophistication of mobile fraud have grown at an alarming rate. While our Active Fraud Suite continues to provide the industry’s most comprehensive real-time fraud protection, not all fraud can be blocked in real-time. Today, we are proud to share a number of exciting updates to Active Fraud Insights, the world’s most advanced fraud detection platform.

Active Fraud Insights: Answering A Growing Need

Unfortunately, in today’s market, marketers bear the costs of mobile fraud. Fraud drains marketing budgets and pollutes marketing performance data – resulting in mismanaged marketing budgets and further financial damage. This cancer must be carefully excised from the mobile marketing ecosystem.

While our automated, real-time fraud protection continues to deliver substantial savings to AppsFlyer customers, large marketers are often targeted by massive waves of fraud that cannot (yet) be blocked by today’s real-time fraud technologies. Over the last six years, our fraud scientists have worked closely with savvy marketers, helping them better detect fraud using their raw data reports. Active Fraud Insights takes this to the next level, providing savvy marketers with a dedicated anti-fraud dashboard built on both advertiser-specific and AppsFlyer-generated anti-fraud data signals. Because the anti-fraud team at AppsFlyer builds our internal fraud signals on the world’s largest anti-fraud database, our machine learning can detect and flag emerging fraud faster than any other platform in the world.

Core Values: Speed, Ease of Use, Solid Proof

Every element of Active Fraud Insights is designed to deliver fast access to the right data, so advertisers can take timely corrective action. Over the last year, Active Fraud Insights has helped dozens of large marketing teams take an active stand against their mobile fraud. By quickly detecting this fraud, marketers stopped offending SiteIDs, and problematic Geos and Networks before substantial damage was done.

The value to marketers has been incredible. In Q1 2017, Active Fraud Insights helped marketers detect and address over $30 million dollars in fraud. With today’s updates, this platform is getting even better.

Improved Visuals and Filters

By popular request, we have introduced fresh new visuals and filters to Active Fraud Insights. We have added Media Source + SiteID alongside Media Source / Campaign, Channel, SiteID and Geo in the Group By options. Grouping by Media Source + SiteID allows marketers to quickly identify the worst sub-publishers and quickly take corrective action.

On the visual front, we have introduced a number of fresh new ways to analyze your data.
Click to Instal Time (CTIT) distribution should follow a typical bell curve.

Set the timeframe to second to identify unreasonably short CTIT times. These short CTIT times indicate install hijacking.

Перехват установок

Unreasonably short install times (under a few seconds) indicate install hijacking.

The simple dropdown changes the timeframe from seconds to hours, or even days. Uniform CTIT distribution over a long period of time is another indicator of click flooding .


Uniform distribution (flat lines) over a number of days indicates click flooding.

We have also introduced an all new Source Distribution visual. This visual shows the percentage of sources with devices by DeviceRank™ rating. For example, sources with high concentrations of new devices, devices with Limit Ad Tracking enabled, devices flagged as suspicious, or sources with low clean install rates all warrant further investigation. This new visual makes it easy to determine which sources warrant further investigation.

Dive Deep With Advanced Detection

Click Flooding

High click volume with low click-to-install conversion rates,  as well as long CTIT times and high contributor rates are all indicators of click flooding.  To explain, high click volume and low conversion rates suggest that clicks are being dramatically over-reported. Similarly, long CTIT times indicate that installs are being attributed to random clicks. Lastly, high contributor rates indicate that the source in question is dramatically over-reporting clicks.

Install Hijacking

Because install hijacking mobile malware insert clicks during the actual install, hijacked installs have unusually short click-to-install-times (CTIT). Large numbers of installs or high concentrations of installs with short CTIT indicate which sources are most compromised by install hijacking.

Install Fraud

    • Install fraud hiding behind DeviceID reset fraud
      Installs from new devices (DeviceIDs not yet rated by DeviceRank™) are rare. High concentrations of new devices indicate that the source has been compromised by DeviceID Reset Fraud.
      Similarly, pre-install campaigns should deliver exclusively new devices.


    • Install fraud hiding behind Limit Ad Tracking
      Many criminals seek to avoid device-based fraud protection by enabling Limit Ad Tracking on their devices. Unusually high concentrations of Limit Ad Tracking in a given GEO, particularly when correlated with low loyalty rates, indicate likely install fraud.


    • Install fraud from Suspicious Devices
      Though not all installs from devices flagged as “suspicious” by DeviceRank™ are fraudulent, high concentrations of installs from these devices are a strong indicator of device-based install fraud.


  • Installs from Clean Devices
    High concentrations of installs from devices ranked as clean indicate a strong, device-based fraud free source. These sources are a helpful benchmark when determining a source’s susceptibility to install fraud.

To learn more about these exciting updates, please speak with your Customer Success Manager or schedule your AppsFlyer demo today.