With AdTech, marketers gain a new level of sensibility in marketing (in terms of strategy, execution, and tracking), the lack of regulations and the immensity with channels make a way for fraud. If you don't know how gigantic the threat is, give a thought to Juniper's study, which estimates a loss of $19 billion in advertising to fraudulent activities in 2018. So, here I am writing a blog series to discuss different ad frauds that are plaguing mobile ads. I started with Click Fraud and its impact on ad campaigns. Here, I will be writing about Click Injection.

What is Click Injection?

As a marketer who is handling user acquisition, click injection is probably the fraud that you experience the most, regardless of if you have figured it out yet or not. In the click injection, a malicious app will impose the click to run your app after installation and to claim credit for installation at Mobile Measurement Platform (MMP). Hence, the attributes are manipulated and you will be paying the wrong media source instead of the actual (and deserving) source.

How Does Click Injection Work?

Users may unintentionally install the malicious app that performs unsuspicious operations, such as auto-change wallpapers, flashlight, cat-voicing, etc., and it would appear harmless to them. These malicious apps are usually available on unverified Android sources for free. They can even make their way to mobile devices without letting the users know. Such apps have permission to inject a click to run another application and to listen to the ‘install broadcast’.

• ‘Install broadcasts’ are the signals sent by apps installed on Android devices to update the status like installation or uninstallation.

The malicious app installed in the phone keeps performing its unsuspicious action until it listens to an Install Broadcast. On finding an Install Broadcast of your app, it sends a click to the MMP to claim itself as the source of app install and also injects the click to run the application. In the advertising process that involves Cost Per Installation model, advertisers pay mostly to the last source that got the successful installation. In this model, the malicious app is able to stake the claim on the credit of getting your app installed.