The Adjust Fraud Prevention Suite is the first anti-fraud solution for mobile advertising. Adjust’s Anonymous IP Filtering, Click Injection Filtering, and Distribution Modeling features protect your data from being distorted by illegitimate activity.

1 Activating Fraud Prevention Features

To activate the Fraud Prevention Suite, add the package to your payment plan. You can find details on the Pricing Page within your dashboard. Once active, the package will be displayed in your invoice and all costs associated with fraudulent traffic will be deducted.

When you have added the Fraud Prevention Suite to your payment plan, you can activate the Fraud Prevention features on a per-app basis in your App Settings panel.

To access the toggles, click the App Settings button in the app console and navigate to the Fraud Prevention Settings section. Here, you will find three toggles: Anonymous IP Filtering, which will activate Anonymous IP Filtering; Click Injection Filtering, which will activate Click Injection Filtering; and Distribution Modeling, which will activate Distribution Modeling.

2 Fraud Prevention features

The Fraud Prevention Suite consists of the Anonymous IP Filter, the Click Injection Filter, and Distribution Modeling features, which all work in tandem to prevent various forms of fraud from affecting your data.

2.1 Anonymous IP Filter

When activated, the Adjust Anonymous IP Filter cross-checks all installs against a list of IPs associated with known data centers, VPNs, Tor exit nodes, cloud services and more. While many services for rerouting internet traffic have their use cases, it is extremely unusual for them to be associated with a mobile device – and it is highly indicative of fraudulent behavior.

Activating Anonymous IP Filtering will cause all installs associated with blacklisted IPs to appear under an Untrusted Device tracker in your CSV reports and dashboard. Read more about viewing fraud data in your statistics display.

The {rejection_reason} placeholder for this type of rejection is anonymous_traffic.

2.2 Click injection filtering

Click injection filtering removes fraudulent clicks from consideration within Adjust’s attribution framework.

Note: Click injection filtering requires your app to have the Adjust Android SDK version 4.12 or later integrated.

Installs rejected for click injection will appear under Rejected Installs within a sub-level named Click Injection.

Click injection occurs when an ad publisher sends a fraudulent click between an app download and the first app-open, intending to steal the attribution from another source. Click injection only affects Android traffic because the Android operating system uses broadcasts to alert other apps when changes occur on the device. For more information, check out our blog.

The {rejection_reason} placeholder for this type of rejection is engagement_injection.

2.3 Distribution Modeling

The Distribution Modeling feature protects your user acquisition campaigns from fraudsters targeting your organic users. Clickspam, the execution of an invisible redirect in the background of a user’s app, is a common method used to poach organic users who install your app but were never knowingly served an ad.

To protect your campaigns from clickspam, Distribution Modeling examines the click-to-install time distribution to determine instances of fraud. If an install is tied to statistically abnormal click behavior, we ignore the attribution and instead attribute the install to the next-best tracker.

Distribution Modeling Levels

In your dashboard there are two available distribution modeling levels that you can select:

The Standard level sets the install rejection threshold at a lower level. This setting will root out clickspam-related fraud at a safe level for all types of apps and campaigns.

The Advanced level sets the install rejection threshold at a higher level. This setting should be used for apps that expect immediate interaction from the user. This level of rejection is not suitable for every type of campaign and should be used only by people familiar with the feature and its repercussions. If you select this level, we will attribute fewer installs, which will result in rising CPI prices.

The {rejection_reason} placeholder for this type of rejection is distribution_outlier.

Click Capping

Part of the Distribution Modeling feature is a simpler Click Capping feature. This is another protection against clickspam: if one install could be attributed to too many clicks, the attribution to these clicks is rejected. The type of attribution (device ID, fingerprint, etc.) determines the cap of allowable clicks and the time period before the install that is used in this protection.

In the case of rejected attributions, a calculated high-level engagement frequency carrying the same:

  1. Tracker ID
  2. App Token
  3. Device tag

will be flagged and attributed onto the next-best tracker.

For fingerprint attributions, a calculated high-level engagement frequency carrying the same:

  1. IP address
  2. Device type
  3. Device name
  4. OS name
  5. OS version

will also be flagged and attributed onto the next-best tracker.

The {rejection_reason} placeholder for this type of rejection is too_many_engagements.
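The click-capping logic described above can be sketched as follows. This is an added example, not Adjust's implementation: the cap and window numbers, the last-click fallback rule, the record field names and the sample clicks are all assumptions constructed for illustration; only the grouping fields and the `too_many_engagements` value come from this page.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumed numbers: the page says the attribution type sets the cap and the
# lookback period, but does not publish the values.
LIMITS = {"device_id": (3, timedelta(days=7)), "fingerprint": (2, timedelta(hours=24))}
# Grouping fields as listed on the page for each attribution type.
KEYS = {
    "device_id": ("tracker_id", "app_token", "device_tag"),
    "fingerprint": ("ip", "device_type", "device_name", "os_name", "os_version"),
}

def _group(click, kind):
    return tuple(click[field] for field in KEYS[kind])

def capped_groups(clicks, install_time, kind):
    """Return {group: click count} for groups over the cap inside the window."""
    cap, window = LIMITS[kind]
    counts = Counter(_group(c, kind) for c in clicks
                     if install_time - window <= c["ts"] <= install_time)
    return {group: n for group, n in counts.items() if n > cap}

def attribute(clicks, install_time, kind):
    """Return (tracker, rejection_reason), skipping clicks in capped groups.

    Assumption: last eligible click wins; with none left, the install is organic.
    """
    _, window = LIMITS[kind]
    capped = capped_groups(clicks, install_time, kind)
    reason = None
    for click in sorted(clicks, key=lambda c: c["ts"], reverse=True):
        if not install_time - window <= click["ts"] <= install_time:
            continue
        if _group(click, kind) in capped:
            reason = "too_many_engagements"  # value of {rejection_reason} per the page
            continue
        return click["tracker_id"], reason
    return "organic", reason

# Constructed sample: five clicks from one tracker just before the install and
# one click from another tracker two days earlier, all from the same device.
INSTALL = datetime(2024, 1, 10, 12, 0)

def _click(tracker, minutes_before):
    return {"tracker_id": tracker, "app_token": "app123", "device_tag": "dev-1",
            "ip": "203.0.113.9", "device_type": "phone", "device_name": "Pixel 8",
            "os_name": "android", "os_version": "14",
            "ts": INSTALL - timedelta(minutes=minutes_before)}

SAMPLE = [_click("spam01", m) for m in (1, 2, 3, 4, 5)] + [_click("legit7", 2880)]

if __name__ == "__main__":
    print(attribute(SAMPLE, INSTALL, "device_id"))
```

With the assumed device ID limits, the five recent clicks are discarded as one capped group and the install falls to the earlier tracker; under the assumed fingerprint window, that earlier click is out of range and the install goes back to organic.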

3 Viewing fraud data in your Dashboard

You can view your fraud statistics to get an idea of how the rejected install and reattribution amounts look over different apps, clients and networks.

There are two ways to view the collected install data:

  1. Per-app, in your Fraud Prevention tab, and
  2. In your CSV reports.

You can find the Fraud Prevention tab in your Adjust dashboard under each app’s Statistics page:

Fraud Prevention Toggle

Here you will see the number and percentage of rejected installs in the Rejected Installs column. This figure includes attributions rejected by our click and IP filters.

When installs are rejected, they are reattributed onto different trackers (or back to organic). If an attribution is denied by the Anonymous IP Filter, you will find it on the Untrusted Devices tracker.

Rejected installs and reattributions are broken down by their rejection reasons and, for simplicity, are displayed as acronyms. When you hover over these column headings, the full rejection reason will be shown. The table below also shows the definitions of these acronyms.

| Acronym | Meaning | Fraud Prevention Feature |
|---|---|---|
| RI AIP | Rejected Install - Anonymous IP | Anonymous IP Filtering |
| RI TME | Rejected Install - Too Many Engagements | Distribution Modeling - Click Capping |
| RI CI | Rejected Install - Click Injection | Click Injection Filtering |
| RI DO | Rejected Install - Distribution Outlier | Distribution Modeling |
| RR AIP | Rejected Reattribution - Anonymous IP | Anonymous IP Filtering |
| RR TME | Rejected Reattribution - Too Many Engagements | Distribution Modeling - Click Capping |
| RR CI | Rejected Reattribution - Click Injection | Click Injection Filtering |
| RR DO | Rejected Reattribution - Distribution Outlier | Distribution Modeling |

Note that these columns are only available when you have fraud prevention enabled, and traffic marked as rejected will remain marked as rejected.

3.1 Recognizing the Peak-Trough Fraud Prevention Pattern

Statistical analysis has indicated that activating or re-activating your Fraud Prevention filters may result in what we refer to as the Peak-Trough Fraud Prevention Pattern, which is characterized by an increase in flagged activity, followed by a sharp drop to much lower rates of prevented fraud.

Peak-Trough Fraud Prevention Pattern

You will see this pattern if you activate the filtering system while being targeted by a fraud scheme. The sharp drop indicates that once the fraudsters experience a dropoff in their conversion rates, they are forced to refocus their efforts on a different, unprotected campaign.