Install attribution fraud

Click injection

Click injection is a technique for winning last click attribution in CPI campaigns. It’s enabled on Android phones when a bad actor includes app code that uses the Android feature “Install Broadcast” to continuously monitor a user’s device for new installs. Based on this information, the publisher can send fake clicks just before payable post-install events occur.

How they do it

Malicious publisher has registered for advertiser’s affiliate program that pays for installs once user has opened advertiser’s app
User downloads malicious publisher’s app
App features code that allows it to monitor user’s Android for all new installs
Malicious publisher’s app detects that user has just downloaded advertiser’s app
Malicious publisher injects fake click event
User opens advertiser’s app
Advertiser attributes credit to malicious publisher, even though they provided no value in driving the install, and pays them a percentage of revenue

Install attribution fraud

Click injection

How they do it

Get in touch

Yes, I would like to receive marketing communications regarding impact.com products, services, and events. I can unsubscribe at a later time. By registering, you confirm that you agree to the storing and processing of your personal data by impact.com as described in the Privacy Policy.