Fraud in the mobile app ecosystem is rampant and evolving faster than ever, but what is less known is just how sophisticated fraudsters have become in their attempts to bypass protective measures, how hard they are hitting and who is most exposed. Worryingly, but perhaps unsurprisingly, the travel sector is among the hardest hit.
- AppsFlyer study shows mobile app marketers were exposed to almost a third (30%) more fraud during the first quarter of 2018;
- Financial exposure to fraud in Q1 hit USD700-USD800 million worldwide, according to estimates;
- AppsFlyer says it found “no correlation between the size of an app (based on the number of its non-organic installs) and their rate of fraud”;
- Travel is the fourth hardest hit sector from app fraud, according to the report, with USD65 million in financial exposure during Q1 2018.
A new study from AppsFlyer, a global mobile attribution and marketing analytics leader, has found that mobile app marketers were exposed to almost a third (30%) more fraud during the first quarter of 2018 (as compared to the 2017 quarterly average). What once took fraudsters six months to develop can now take weeks or even days. “The bad guys have gotten smarter, adapting much faster to anti-fraud measures. What’s more, we see a significant increase in the rate of fraud and level of financial exposure,” says the company.
When factoring media cost and third party attribution market share estimates, financial exposure to fraud in Q1 hit USD700-USD800 million worldwide, according to AppsFlyer’s ‘The State of Mobile Fraud: Q1 2018’ report which examined over 10 billion installs of 6,000 apps. Overall, the data shows an 11.5% fraud rate, a 15% increase compared to the last study.
“Fraud has become a high stakes arms race,” says the report, “and when one form of attack is blocked, fraudsters find another way in and they do it at increasingly alarming speed”. As a result, fraud comes in waves, as the following chart from the report clearly illustrates.
As the report notes, fraud from device farms inflicted the most damage over the summer of 2017, but the launch of the Protect360 fraud protection forced them to adapt. To make up for some of their lost volume, click flood rates jumped. At the same time, bad actors began to experiment with bots and most advanced fraud that could only be identified by their behavioural anomalies. In Feb-2018, bots became the most popular form of attack accounting for 30% of fraud.
The report also highlights that the overall high rate of fraud is not the result of just a few large apps being targeted on a large scale. In fact, 22% of apps have over 10% fraud, while no less than 12% (that’s hundreds of apps out of the sample) were significantly exposed to fraud at rate of over 30%. AppsFlyer says it found “no correlation between the size of an app (based on the number of its non-organic installs) and their rate of fraud”. This shows every app is a potential fraud target.
CHART – When fraudsters decide which country to target, they look at two primary factors: payout and scale. That’s why they target, on the one hand, countries with relatively high CPIs and on the other hand, those with significant volumeSource: AppsFlyer’s ‘The State of Mobile Fraud: Q1 2018’ report
Travel is the fourth hardest hit sector from app fraud, according to the report, with USD65 million in financial exposure during Q1 2018 (behind shopping, USD275 million; gaming USD103 million and finance USD90 million), but ranks highest in terms of the share of apps with a high fraud rate – 38% with at least 10% fraud, 32% with at least 20%, and 27% with more than 30%. It had a 15% higher rate of fraud in Q1 2018 vs. Q4 2017 and sector with the third highest number of fraudulent installs from bot attacks and from install hijacking attacks and second highest number of fraudulent installs rejected through behavioural anomalies.