Blog Article

Mobile ad fraud taxonomy

, Moloco

June 12, 2018

 In our series on fighting ad fraud, Moloco proposes a taxonomy for the major classes of mobile ad fraud.


While the web advertising industry remains relatively mature, the mobile ad ecosystem is still very much the wild west. We still see a lot of M&A activity, many of the major companies are hiring very fast, and the industry events are lavish by any standard. From outwards appearances, the industry is quite healthy.

The multi-billion dollar secret, however, is that a lot of fraudulent behavior is the norm within the industry. As traffic passes from publishers to networks to attribution providers to your reporting dashboard, there are many points of failure. In our prior article we argued that networks are the worst actor, but we note that every time traffic gets passed along this chain there is an opportunity for fraudsters to step in. If networks got cleaned up, fraudsters would find a new attack vector.

To further complicate matters, this chain will continue to grow and adapt. This already happened when attribution providers first stepped into the scene. They existed initially to provide a referee to much of the ad fraud in the space. However, if an attribution provider could hypothetically be corrupted by fraudsters, then we may see additional links added to this chain.

Therefore, when considering a taxonomy of mobile ad fraud, we looked for a framework flexible enough to account for all the myriad ways the landscape may evolve. Here is what we propose

Our Taxonomy

We propose this simple taxonomy of mobile ad fraud:


While people may argue of semantics at each stage, it is clear no install could exist outside this basic rubric. In our experience, it turns out to be quite useful, as most installs can be bucketed into these categories. Let us look:

Phantom Install

This category includes fraud where there was an actual install but no download such as existing user, SDK spoofing, attribution bug.

SDK spoofing

This is a form of bot-based fraud. Fraudsters add code to one app that sends simulated ad click, install, and engagement signals to an attribution provider on behalf of another app.

Junk Install

A junk install occurs when there’s no real user behind an install. Examples include install farms, emulator, incentivized, deviceID reset.

Device ID Reset

This is the latest and not so greatest emerging source of mobile fraud. Every mobile device has its own DeviceID, which fraudsters reset between each install, to generate what looks like new clicks and, in turn, unique installs.

Install Farm

Installs farms are physical locations with sometimes even thousands of real mobile devices. Fraudsters click, install, and engage with mobile apps providing lucrative payouts and huge drains for victims.

Poached Organic

This category includes fraud such as click injection, click spamming, fingerprint abuse. Here are some examples:

Click on impression

A rotten network sends out a fake click for every impression it serves (meaning a miraculous 100% click-through rate!) and attempts to poach organic installs.

Click injection

This is a form of attribution stealing where someone else is getting credit for 80% of the installs you drive. This means 80% of your revenue is lost! The practice began at the publisher-level among a small number of apps and spread across apps. A more advanced form of click spam, after identifying a download of an app has begun, fraudsters trigger clicks before the organic install completes effectively receiving the credit.

Real Paid Install

If an install does not fall into these other three categories, we presently assume it is a “real install” and deserves attribution.


Do you agree with our taxonomy? Why or why not? Did we forget any forms of fraud that could exist outside this framework? Please tell us your thoughts. We believe the only way we can combat mobile ad fraud is by working together.

If you are interested in fighting ad fraud, we recommend DoubleCheck, a free anti-fraud suite that syncs with your existing MMP data. Please email us at or visit for additional information.

Editor’s choice

Beyond generative AI: How operational machine learning is transforming mobile app marketing

Explore how the transition from generative AI to operational machine learning is reshaping mobile app marketing and learn how leveraging this cutting-edge technology can unlock exponential growth and unparalleled success in the digital realm.

Better understand how users are engaging with your video ads with Engaged-View Conversions

Uncover user engagement insights with Engaged-View Conversions. Gain a deeper understanding of how users interact with your video ads beyond clicks and views. With EVC, discover that users who watch skippable videos for more than 10 seconds or complete shorter ads are 4 times more likely to convert. Now available for all Moloco advertisers, EVC provides comprehensive data on views, engaged-views, and clicks to shape your marketing strategies. Enhance decision-making and drive business growth. Visit our Help Center or contact your Moloco representative for details.

Elevate your iOS performance with SKOverlay

Experience the power of SKOverlay, Apple's innovative creative rendering format. With SKOverlay, iOS marketers can display captivating ads accompanied by a convenient overlay. Users can effortlessly install advertised apps in the background, without leaving their current screen. Enjoy improved user experience and higher SKAN conversion rates of up to 30%. Streamline app installations and drive iOS engagement with SKOverlay. Learn more at our Help Center or contact Moloco.

Subscribe to the Moloco Newsletter

Want to learn more?