The Meed Blog

5 Warning Signs of User Acquisition Fraud

Posted on February 21, 2017 by Rich Klingelhofer

Mobile Fraud

The mobile tech industry is now seeing fraud costs reaching $1.3 Billion a year. Multiple fraud prevention companies now exist solely to combat this type of behavior and app developers should prepare themselves for the future of rapidly evolving fraud techniques, especially when it comes to app install based campaigns. Fraud ranges from warehouses filled with physical mobile devices and hired workers, to sophisticated emulator programs randomizing behavioral patterns.

As new technology makes fraud more difficult to commit, fraud in turn becomes more difficult to detect.  However, investment in prevention is worth a significant amount of money. At Meed Mobile, we were able to save our app developers over $2.4 million by identifying fraudsters. Below are a few things to look for:


IP Sharing


The same IP will appear multiple times outside any reasonable range. In recent years fraud has been getting around this by cycling the last octet (or two!) of the IP address used to generate downloads: Example: 255.255.255.XXX. Suspect IP addresses, be it common VPN/Proxy addresses or specific IPs that have been abused by fraud in the past, are cataloged and filtered out of click requests and install approval.


OS Updates


Good traffic should replicate device metric global averages. Fraud lags behind on updating their operating system. Look for high percentages of older OS versions.


Device Models


Similar to OS, you should expect your traffic to not have any device brand or model overrepresented in your data. Fraud will tend to utilize only a handful of models per source.  Most fraudulent installs will be on seemingly brand-new device identifiers with no long term history.  Larger networks have insight into behavior from millions of devices, and have seen usage cases in thousands of apps. Through this, devices and sources that have been seen before can be ‘green lit’ as more trustworthy installs, while newer devices are held with more scrutiny.




Look for repeated timing patterns. Fraud likes to work fast, so look for rapid downloads.


Raw install numbers


While iTunes connect and Google Play rarely match exactly with third party tracking (even without an ad campaign running), you should expect similar ballpark numbers. A campaign that has been severely hit by fraud can see 40%+ discrepancies in their tracking provider’s install numbers, and the official install numbers.

ABOUT Rich klingelhofer

Rich is the Senior Analyst and Fraud Specialist at Meed Mobile. He has over 5 years of experience combatting mobile ad and user acquisition fraud from both a first-hand publisher perspective, detecting and removing over 2.1 million fraudulent devices, and a network perspective, reviewing hundreds of publisher traffic sources. He lives and works in Boston, and is an avid competitive gamer and esports fan.