Every App Developer’s Nightmare: Incorrectly flagged for ad fraud
“Action Required: Your app may be suspended unless the violating app(s) are removed of the policy violations are otherwise immediately resolved.”
Very few emails are more bone chilling to receive than an automated policy violation sent with few details and vague indications of the problem. It doesn’t help that it always seems to happen on a Friday evening.
Over the years we’ve seen most apps get into some type of compliance trouble at some time or another and in most cases it’s the same situation: an ad-supported app receives a violation but has no indication of what the problem could be.
Having been on both the receiving and sending side of these notices, I’ve walked plenty of app developers through rectifying ad fraud in the past decade and found it high-time to give some background and insights into the why and how to fix these issues.
Yes the notice is vague. No, they won’t give you more details.
Quite simply purposeful ad fraud happens when someone exploits a weakness in digital ad-serving technology. By sharing details on what was flagged, the advertiser may inadvertently share how the flagging is accomplished, steering the actual fraudsters into building another work-around.
ADVERTISER: Notice, you’re flagged with ad fraud. You’re serving 10 impressions to a user within a second.
FRAUDSTER: Oh, I guess that’s the limit.
You can expect the help to be vague and only directional. This isn’t them being difficult, it’s the advertiser implementing security through obscurity as a security layer. That said: don’t ignore the direction. There’s a reason for the details they include and it will help you narrow down the direction for a fix.
While algorithms are mostly responsible for flagging an account, in almost all cases a human will be responsible for overriding and clearing the flag. It pays to be helpful, communicative and responsive to these notices. The folks that are committing ad fraud aren’t going to be as open – or as concerned with the outcome as you are. Lean into the human angle as much as you can but again don’t be frustrated by the lack of details.
The common causes of ad fraud:
By in large the causes of ad fraud fall into 4 categories:
This is when the ad is called but not shown, or not measured as viewiewd, or partly obfuscated– AKA an impression discrepancy it’s a common-enough problem we’ve written an entire article on how to find and diagnose these issues.
2. Bad Traffic
Bot fraud / Nonhuman / data center traffic – This is when you’re getting users who are automating your app. We’ve seen this happen when the users begin emulating the app to scale their participation – this can be completely unrelated to ads and relatively harmless – for instance running the app in a PC emulator to get more coins – but since advertisers are paying for ad placements, flags go off when the traffic isn’t coming from a mobile device.
Spoofed/Pirated Apps – This is just part of a more sophisticated scheme, basically when someone replicates/pirates your app (and bundleID) for the purposes of legitimizing fake campaign install traffic. In this case the “mark” is the advertiser who’s paying for these installs. It was more common a few years ago but nowadays is pretty rare.
3. Non-Compliant Partners
This is when there’s an ad SDK that’s causing the problem– When a 3rdparty SDK or partner has been removed from the app store but you’re running it in your app. Generally this news isn’t obfuscated but you may not have heard the latest update.
Forced Clicks / Hijacked Devices – Generally this is caused by malicious code injected into the app – via an ad or elsewhere—forcing an unintentional user click. Some ad partners have allegedly “auto-clicked” to the app-store and this drives up CTR massively. Also we’ve seen malware ads that take-over the UI and auto-click to another site for the attempts of phishing the end-user.
4. Fake or Accidental Clicks
Bad ad placement/bad UI (accidental clicks, forced clicks, incentive clicks) – simply put, if the advertiser deems the app is causing artificial of coercive ad engagement, this will be a problem. This can be as simple as an ad shown too close to a menu generating accidently – or bounced—clicks; all the way to the app providing reward for clicking on the ad.
What you can do: fixing the ad fraud violations
You know your app better than anyone so you’re likely best suited to track down the solution. While generally the advertiser will narrow down the problem to a category above, don’t expect much specific help. Your best bet is to try to resolve the problem then re-submit as soon as you can.
Tracking down the offending creative/advertiser is often a fruitless exercise. If the offending party is purposeful with negative intent, finding them can be like finding a needle among a stack of needles. The offender will want to avoid being found and use re-directs and creative targeting to keep you from finding them. A more clever method we saw was an offending advertiser avoid serving on wifi, knowing testing devices are seldom running on cellular data.
As far as technologies, there are some partners that specialize in ad quality: we’ve got friends at Confiant and clean.io – but these solutions require an SDK and the app developer doesn’t have the luxury of waiting to implement and deploy the platform. Other solutions – a la SafeDK – can also be helpful but are now limited to a single ad monetization platform (MAX by Applovin).
Often the best method for isolating the problem starts and ends with looking for anomalies within your own ad reporting. High CTR from an individual network might indicate where a “bad ads” is slipping through the cracks – high CTR everywhere may indicate bad UI or a technical issue. Check for wild swings in CTR as a red flag. Often limiting your ad partners to the just the most trusted first-parties can be a good step while you troubleshoot.
Long-term we often recommend apps implement a “dead-man” switch so if your primary ad mediation platform shuts you down, you can swap on another back-up while you work out the details. This can limit some potentially painful ad downtime if the issue is prolonged.
AdLibertas makes products to help app developers make better apps. Our clients use our products to help better measure, monetize and optimize their users and in-app earnings. If you’re an app developer and interested in learning how AdLibertas can help you, contact us to see how our products can help.