SDK spoofing
How SDK spoofing works:
With this technique, fraudsters add code to an app which later generates simulated ad click, install, and other engagement signals to an attribution provider on behalf of another app.
When successful, this can trick an advertiser into paying for tens or even hundreds of thousands of installs that did not actually occur.
How to identify when an SDK was hacked:
- Look for installs from an SDK version that you haven’t utilized – bots hide on an attacking app and will often send clicks and installs from SDK versions other than those used by your apps
- Keep an eye out for spikes in installs from specific SDK versions because if these install spikes don’t coincide with your release schedule, there is a good likelihood you are being targeted by bots
- Speak with your attribution provider and ask for a complimentary fraud exposure report
How to block this type of fraud:
- Avoid measurement solutions that utilize Open Source SDKs because they are inherently a security breach and are much more exposed to reverse engineering and bot attacks.
- Look for an SDK that has secure communications with their servers
- Use a fraud solution that blocks bots
- Search for a solution that has behavioral anomaly detection and that can automatically blocks non-human behavioral patterns, such as those originating from SDK hacking
