Mobile Fraud

James Haslam by James Haslam | January 27, 2022

To offer better fraud protection for our customers, Liftoff has enabled Click Signing in partnership with AppsFlyer. From today, AppsFlyer customers who work with Liftoff are now protected from a form of fraud known as “phantom clicks.” Combined Liftoff and AppsFlyer customers don’t need to take action, the solution is already running for you.

How We Got Here

Liftoff has always sought to halt the impact of click spam by training our machine learning models to target users that make meaningful actions in an app. This action has also helped to mitigate against simple forms of ad fraud, such as click spam. 

But fraud always evolves to become more sophisticated, and different kinds of fraud can sometimes slip through. In an effort to stop fraud in its tracks, Liftoff validates clicks before passing each click on to mobile measurement partner (MMPs) to prevent as much fraudulent attribution as possible.

While effective, a recent form of click spam we call “phantom clicks” has become increasingly visible, evading our traditional method of fraud mitigation. To combat this new type of fraud, we’ve partnered with AppsFlyer to prevent our customers from being affected.

What are Phantom Clicks?

Phantom clicks” are clicks that are captured and replayed directly to an MMP, cutting the DSP and their validation out of the picture.

A fraudster starts by obtaining an MMP attribution URL from a legitimate ad (when it is available directly in the markup) or by intercepting the URL during the DSP to MMP redirect chain. Once acquired, the click URL is periodically (e.g. daily) sent to an MMP  to increase the likelihood that they receive credit if the device installs the app in the future. This benefits the fraudster, whose goal is to raise the perceived value of their inventory and divert additional DSP spend.

Because these replayed clicks often involve real impressions/clicks and legitimate devices, they are difficult for DSPs and MMPs to detect. The DSP will only see a single click in their logs and will receive a valid click ID from the MMP when the fraudster successfully takes credit for an install.

How Our Solution Works

Click signing prevents the modification or fabrication of clicks and enables MMPs to invalidate laggard or duplicate clicks, securing the clickstream and minimizing click spam.

When Liftoff generates AppsFlyer click URLs, we append an expiration timestamp and cryptographically sign the entire URL with a secret key. When AppsFlyer receives the click, they verify the click has not expired and validate the signature using the same secret key Liftoff used to sign the click. If the click URL is modified in any way, such as if a fraudster tries to change the expiration timestamp, then the signatures won’t match up. Any clicks that are expired or contain invalid signatures are immediately flagged and rejected by AppsFlyer.

This technology prevents fraudsters from claiming attribution and the rejected click logs are valuable for identifying and blocking fraudulent publishers.

If you’d like to learn more, please contact us or stay connected by following Liftoff on LinkedIn.