Click fraud is a reality of the modern web. It occurs on websites and in mobile apps. Moreover, it collectively costs publishers millions of dollars in wasted marketing funds. Worst of all, mobile click fraud is more difficult to detect than website fraud.
This may come as a surprise to publishers who think mobile apps are more secure. When it comes to mobile click fraud, they are not. In fact, they are less secure than a typical website. Why? Because of the nature of how mobile apps are built and run. App developers do not use the same tools available to web developers.
Click Fraud on Websites
For the record, Fraud Blocker says that click fraud is rampant both on websites and in mobile apps. But unlike mobile click fraud, site fraud is easier to detect using both automated software tools and old-fashioned sleuthing.
Pay-per-click (PPC) ads delivered through websites are designed to track everything from the initial view to eventual conversion. The entire journey is monitored directly inside the user’s browser. And with the use of cookies and JavaScript, web developers can keep track of everything.
A savvy web developer can analyze data to determine if a website is experiencing an inordinate number of background clicks. He can easily look at ad-generated traffic and determine whether it is translating into conversion. This is all possible because of the way web browsers collect and report data.
Mobile Click Fraud Is Different
Although many of the strategies used by fraudsters are employed across both websites and mobile apps, the apps themselves make it more difficult to pick up on the fraud. For starters, mobile apps do not utilize JavaScript and cookies as a general rule. So analytics revealing the data attached to said apps is very limited.
Next, fraudsters can get around attempts to track click origin by modifying HTTP requests. A simple example is modifying a request to make it look like a click came from a cell phone rather than a hijacked smart TV.
By modifying HTTP requests in this manner, a fraudster can hijack connected devices and make them appear as cell phones with legitimate IP addresses. The device ends up sending data requests with seemingly legit device headers attached. Furthermore, a single click can generate fraudulent HTTP requests and device information for hundreds of simulated devices at a time.
Unfortunately, the nature of how mobile apps work mean that these sorts of tricks are quite easy for even the most rudimentary fraudsters to pull off. Find a way to stop them and they will just come up with another trick.
Fighting Fraud Is Still Worthwhile
This by no means suggests that publishers should just give up. It doesn’t mean they should accept the fact that mobile click fraud exists and that a portion of their PPC advertising budgets will be flushed down the toilet.
Rather, publishers can adopt a few simple strategies to limit the damage. First and foremost, limit the amount of time a PPC ad campaign runs. As soon as the results flatten out, end it.
Second, keep an eye on conversion rates. Legit PPC campaigns should yield higher conversion rates. Lots of traffic without conversion is good reason to yank an ad campaign.
At the end of the day, desktop and mobile are not as similar as they appear. Their many differences are at the root of why mobile click fraud is harder to detect than individual website fraud. Until mobile developers and their publishers come to terms with this, fraudsters will keep doing what they do so well.