Antifraud systems in popular mobile trackers: AppsFlyer, Adjust, AppMetrica, TMC, Kochava
At the end of last year, I wrote on Habré what solutions exist on the antifraud market, and conducted a comparative analysis of some of them. Then it was about systems aimed precisely at the problem of fraud detection in traffic. Today I want to share my little research on how client trackers themselves struggle with fraud. I will consider the main ones: Appsflyer, Adjust, Kochava, TMC Attribution Analytics (ex. MAT), AppMetrica.
I will tell you what types of fraud the tracker determines (or does not determine), how the analysis itself takes place, how effective it is, and I will also provide for the reference of the trackers themselves a description of the anti-fraud system.
')
Immediately, I’ll make a reservation that in this article I don’t compare the convenience of the trackers themselves and their quality - we will only discuss the antifraud solutions built into them.
We often work with Appsflyer, their news does not bypass us. Not so long ago, colleagues released their own system of protection against fraud , with which you can detect poor-quality traffic and examine each of the sources.
The main thesis of Appsflyer is that they have a huge base of IP and devices, each of which has its own quality mark. That is, if a previously determined device is noticed in suspicious activity, then the installation on it will be marked as frod. Also, the presence of the base itself allows you to find out the number of new devices for each of the sources. If there are too many of them, then Appsflyer considers this to be a reason to suspect the source of the “creation” of new devices - in fact, in the use of emulators.
Each device is assigned its own rating: fraudulent devices are assigned a rating of "C", suspicious "B", new devices "N", etc., depending on the uniqueness of the interaction of a real live user with a device that receives a rating of "A", " AA "or" AAA ". Devices with a “C” rating are automatically excluded from the lists of attributable installations and analytics from AppsFlyer, that is, they are not used for postbacks as such.
In the screenshot, you can see a breakdown by traffic sources and antifraud metrics — the percentage of new devices, loyal users, installations from type B devices and net conversions \
In fact, everything is not so simple. Loud figures in 98% of the devices known to Appsflyer, including the Russian market, may not be thorough. According to Gartner and IDC , about 350,000 new devices appear every quarter. I do not think that Appsflyer is able to keep track of each of them. Therefore, relying entirely on their database is not very reasonable.
However, they themselves say that the mark of fraud is just a reason for additional expertise. Also, it is recommended to pay attention to the "Loyal Users" metric. If it is much lower for other sources in combination with a large percentage of new devices, then you should examine the source of traffic.
I will prove in practice. I ran into a case when a customer using Appsflyer began to worry about the number of new devices on one of the partners. However, during the questioning of the partner, a thorough study of the source of its traffic and analysis with the help of an additional antifraud system, it turned out that the partner is distributing offer oxen on new Chinese devices by entering into an agreement with the store selling these devices. That is, the traffic was absolutely normal and clean, but Appsflyer considered it suspicious. On the other hand, this traffic could be fraudulent, so the suspicion label AppsFlyer helps to study difficult cases and identify partners with unusual traffic. Or discover the real fraud. Therefore, using this system is useful, but you should be extremely careful.
Conclusion: 4 of 5 . You can focus on their metrics with their own careful analysis, in addition, advanced antifraud is already included in the extended AF account and does not require payment.
Adjust provides two fraud control tools in your product. The first, fairly standard, checks for the presence of IP in the VPN database and marks conversions with hidden IP. It is quite suitable as a proxy protection, it does its job. But if the proxy did not get into the database initially, or Froder uses new servers, there is a risk to miss the fraudulent conversion. Such cases, unfortunately, are far from uncommon.
The second tool is a click-spam analyzer. Adjust - the only ones who are engaged in such an analysis, so there’s really nothing to compare with. The verification method is the study of the number of identical clicks from one source and comparing the difference between the time of the click and the conversion with the conditional average. Let's just say, the idea of analyzing traffic in this way is very interesting, but it’s not so easy to choose the same “norm” in time. There is a possibility of a false positive, if a deviation occurred, for example, a person simply forgot to launch the downloaded application or intentionally postponed its launch until the moment he needed it.
In general, again, it is required to study each case of such a response in order to achieve maximum accuracy, otherwise you risk losing an adequate source falsely accused of fraud.
There is a third tool - the validator of purchases, which checks the validity of the purchase, checking data with information from the site, but we, as an agency, cannot assess it.
In the anti-fraud statistics, you can immediately see what exactly the conversion is suspected: AIP talks about a suspicious or hidden IP, TME talks about too many identical clicks, and DO talks about a strange time between a click and an installation. In the screenshot - one of the "suspects"
Rating: 4.5 out of 5 . No one else has been doing this kind of analysis, so you can use the Adjust tool as recommendations for studying traffic anomalies. However, you need to understand that the built-in tool will not do all the work for you, so you should not fully rely on it.
Also, the advantages include the use of anti-fraud to retargeting campaigns. From our experience, Adjust handles quite well, so for such purposes it can definitely be positively noted among the rest.
There are no built-in anti-fraud tools in AppMetrica, everything is so simple. But it is worth mentioning that the colleagues decided not to reinvent their own bicycle, but to integrate with the product FraudScore, a third-party traffic inspector, which I described in detail in a previous article about mobile fraud .
A decision worthy of respect: why try to do something that others do much better, it is wiser to delegate it to deserved leaders.
Score for Appmetrica: no score .
Score for FraudScore : 5 out of 5 - I already wrote about this system, but you can easily connect it without using AppMetrica.
The TMC system has various anti-fraud analytics tools .
The first one automatically blocks all conversions for which there are anomalies (installations with one Device ID are duplicated, purchases in the application are simulated and do not match the stor data). There are also 2 criteria that can be arbitrarily disabled - Jailbroken devices and the maximum IP for one Fingerprint. In fact, the system is fair - most of the criteria are unambiguous for fraud and there is no sense in disconnecting them, and what may depend on the wishes of customers can be turned off.
In addition, there is a report on the time between the click and the installation. It does not block the sending of postbacks, but it is convenient to search for anomalies on its own. Purchases in the application can also be checked for fraud, but we can’t test this functionality from the agency, so I will not include it in the assessment.
Finally, the system provides the opportunity to create your own “black lists” - set up a suitable attribution window (how many days it can take from the time of the click), block sub-partners, device models, countries.
It does not pull on a full-fledged antifraud, but being able to customize tracking at this level is definitely nice.
Breakdown of conversions that did not pass the quality assessment - partner indicated, time and reason for suspicion
Conclusion: 3.5 out of 5 . There are no hard criteria, there is customization and analysis tools. We can recommend it as an adequate solution if you have your own analysts on your side.
In practice, I have not had a chance to deal with Kochava's antifraud , but their article describes quite well how to find fraud on one’s own and what criteria to look at. The tracker practically does not take this job for itself, however, it tells the client in detail how to calculate the suspicious traffic.
There are, however, Trafic Verifier - a small utility that essentially performs the task of a tracking system - limits the GEO, OS, and device types. The additional function Frequency Capping acts as a tool that limits the number of clicks from a specific IP and other things for a selected period of time. Also, you can analyze what-if traffic, which is already in the statistics.
Of the other solutions, Kochava Blacklist is, in fact, a global traffic filter that marks inappropriate according to the criteria: the number of clicks from a single device and IP and the difference between a click and an installation.
As mentioned above, I did not have the opportunity to test it in action, but putting general filters on everything, not taking into account the specifics of the application and traffic, is far from a rational idea.
Conclusion: 2.5 out of 5 . Instructions and tools are good, but in fact the tracker almost does not perform the function of antifraud, it only gives you the opportunity to control traffic and food for thought about its quality.
From all of the above, we can conclude: at the moment, none of the trackers will not fully complete the task of fraud detection.
The trackers that implement antifraud-decisions are definitely great, as nothing like this existed before. Now the tracker can greatly facilitate the task of detecting fraud. However, it is a losing strategy in the long term to make a decision on traffic rejection, based solely on the recommendations of the tracker, not communicating with a partner and not studying various metrics on your own.
We hope that in the future colleagues from tracking systems will not slow down the development of their own antifraud solutions, making them thoroughly accurate.
In the meantime, choose the tracker that suits you best, train your own analysts to look for anomalies, and choose partners who are ready for dialogue and internal analysis - like, for example, we do this in Mobio .
I will tell you what types of fraud the tracker determines (or does not determine), how the analysis itself takes place, how effective it is, and I will also provide for the reference of the trackers themselves a description of the anti-fraud system.
')
Immediately, I’ll make a reservation that in this article I don’t compare the convenience of the trackers themselves and their quality - we will only discuss the antifraud solutions built into them.
Appsflyer
We often work with Appsflyer, their news does not bypass us. Not so long ago, colleagues released their own system of protection against fraud , with which you can detect poor-quality traffic and examine each of the sources.
The main thesis of Appsflyer is that they have a huge base of IP and devices, each of which has its own quality mark. That is, if a previously determined device is noticed in suspicious activity, then the installation on it will be marked as frod. Also, the presence of the base itself allows you to find out the number of new devices for each of the sources. If there are too many of them, then Appsflyer considers this to be a reason to suspect the source of the “creation” of new devices - in fact, in the use of emulators.
Each device is assigned its own rating: fraudulent devices are assigned a rating of "C", suspicious "B", new devices "N", etc., depending on the uniqueness of the interaction of a real live user with a device that receives a rating of "A", " AA "or" AAA ". Devices with a “C” rating are automatically excluded from the lists of attributable installations and analytics from AppsFlyer, that is, they are not used for postbacks as such.
In the screenshot, you can see a breakdown by traffic sources and antifraud metrics — the percentage of new devices, loyal users, installations from type B devices and net conversions \
In fact, everything is not so simple. Loud figures in 98% of the devices known to Appsflyer, including the Russian market, may not be thorough. According to Gartner and IDC , about 350,000 new devices appear every quarter. I do not think that Appsflyer is able to keep track of each of them. Therefore, relying entirely on their database is not very reasonable.
However, they themselves say that the mark of fraud is just a reason for additional expertise. Also, it is recommended to pay attention to the "Loyal Users" metric. If it is much lower for other sources in combination with a large percentage of new devices, then you should examine the source of traffic.
I will prove in practice. I ran into a case when a customer using Appsflyer began to worry about the number of new devices on one of the partners. However, during the questioning of the partner, a thorough study of the source of its traffic and analysis with the help of an additional antifraud system, it turned out that the partner is distributing offer oxen on new Chinese devices by entering into an agreement with the store selling these devices. That is, the traffic was absolutely normal and clean, but Appsflyer considered it suspicious. On the other hand, this traffic could be fraudulent, so the suspicion label AppsFlyer helps to study difficult cases and identify partners with unusual traffic. Or discover the real fraud. Therefore, using this system is useful, but you should be extremely careful.
Conclusion: 4 of 5 . You can focus on their metrics with their own careful analysis, in addition, advanced antifraud is already included in the extended AF account and does not require payment.
Adjust
Adjust provides two fraud control tools in your product. The first, fairly standard, checks for the presence of IP in the VPN database and marks conversions with hidden IP. It is quite suitable as a proxy protection, it does its job. But if the proxy did not get into the database initially, or Froder uses new servers, there is a risk to miss the fraudulent conversion. Such cases, unfortunately, are far from uncommon.
The second tool is a click-spam analyzer. Adjust - the only ones who are engaged in such an analysis, so there’s really nothing to compare with. The verification method is the study of the number of identical clicks from one source and comparing the difference between the time of the click and the conversion with the conditional average. Let's just say, the idea of analyzing traffic in this way is very interesting, but it’s not so easy to choose the same “norm” in time. There is a possibility of a false positive, if a deviation occurred, for example, a person simply forgot to launch the downloaded application or intentionally postponed its launch until the moment he needed it.
In general, again, it is required to study each case of such a response in order to achieve maximum accuracy, otherwise you risk losing an adequate source falsely accused of fraud.
There is a third tool - the validator of purchases, which checks the validity of the purchase, checking data with information from the site, but we, as an agency, cannot assess it.
In the anti-fraud statistics, you can immediately see what exactly the conversion is suspected: AIP talks about a suspicious or hidden IP, TME talks about too many identical clicks, and DO talks about a strange time between a click and an installation. In the screenshot - one of the "suspects"
Rating: 4.5 out of 5 . No one else has been doing this kind of analysis, so you can use the Adjust tool as recommendations for studying traffic anomalies. However, you need to understand that the built-in tool will not do all the work for you, so you should not fully rely on it.
Also, the advantages include the use of anti-fraud to retargeting campaigns. From our experience, Adjust handles quite well, so for such purposes it can definitely be positively noted among the rest.
AppMetrica
There are no built-in anti-fraud tools in AppMetrica, everything is so simple. But it is worth mentioning that the colleagues decided not to reinvent their own bicycle, but to integrate with the product FraudScore, a third-party traffic inspector, which I described in detail in a previous article about mobile fraud .
A decision worthy of respect: why try to do something that others do much better, it is wiser to delegate it to deserved leaders.
Score for Appmetrica: no score .
Score for FraudScore : 5 out of 5 - I already wrote about this system, but you can easily connect it without using AppMetrica.
TMC Attribution Analytics (ex. MAT)
The TMC system has various anti-fraud analytics tools .
The first one automatically blocks all conversions for which there are anomalies (installations with one Device ID are duplicated, purchases in the application are simulated and do not match the stor data). There are also 2 criteria that can be arbitrarily disabled - Jailbroken devices and the maximum IP for one Fingerprint. In fact, the system is fair - most of the criteria are unambiguous for fraud and there is no sense in disconnecting them, and what may depend on the wishes of customers can be turned off.
In addition, there is a report on the time between the click and the installation. It does not block the sending of postbacks, but it is convenient to search for anomalies on its own. Purchases in the application can also be checked for fraud, but we can’t test this functionality from the agency, so I will not include it in the assessment.
Finally, the system provides the opportunity to create your own “black lists” - set up a suitable attribution window (how many days it can take from the time of the click), block sub-partners, device models, countries.
It does not pull on a full-fledged antifraud, but being able to customize tracking at this level is definitely nice.
Breakdown of conversions that did not pass the quality assessment - partner indicated, time and reason for suspicion
Conclusion: 3.5 out of 5 . There are no hard criteria, there is customization and analysis tools. We can recommend it as an adequate solution if you have your own analysts on your side.
Kochava
In practice, I have not had a chance to deal with Kochava's antifraud , but their article describes quite well how to find fraud on one’s own and what criteria to look at. The tracker practically does not take this job for itself, however, it tells the client in detail how to calculate the suspicious traffic.
There are, however, Trafic Verifier - a small utility that essentially performs the task of a tracking system - limits the GEO, OS, and device types. The additional function Frequency Capping acts as a tool that limits the number of clicks from a specific IP and other things for a selected period of time. Also, you can analyze what-if traffic, which is already in the statistics.
Of the other solutions, Kochava Blacklist is, in fact, a global traffic filter that marks inappropriate according to the criteria: the number of clicks from a single device and IP and the difference between a click and an installation.
As mentioned above, I did not have the opportunity to test it in action, but putting general filters on everything, not taking into account the specifics of the application and traffic, is far from a rational idea.
Conclusion: 2.5 out of 5 . Instructions and tools are good, but in fact the tracker almost does not perform the function of antifraud, it only gives you the opportunity to control traffic and food for thought about its quality.
results
From all of the above, we can conclude: at the moment, none of the trackers will not fully complete the task of fraud detection.
The trackers that implement antifraud-decisions are definitely great, as nothing like this existed before. Now the tracker can greatly facilitate the task of detecting fraud. However, it is a losing strategy in the long term to make a decision on traffic rejection, based solely on the recommendations of the tracker, not communicating with a partner and not studying various metrics on your own.
We hope that in the future colleagues from tracking systems will not slow down the development of their own antifraud solutions, making them thoroughly accurate.
In the meantime, choose the tracker that suits you best, train your own analysts to look for anomalies, and choose partners who are ready for dialogue and internal analysis - like, for example, we do this in Mobio .
Source: https://habr.com/ru/post/328876/
All Articles