When investing in an user acquisition campaign, any app developer or agency wants to make sure 100% of its investment will bring high value users who will soon become engaged customers. What if we were to tell them that over 30% of the overall internet traffic was actually spotted as bot traffic in 2019*? What can they do better now to make sure the impact of their advertising spend grows from 70 to 100% of human-generated traffic? We will share in this article the different kinds of bot traffic that exist on the market and tips on how to spot it and be able to fully evict it.
First thing to know is that not all bot traffic is bad, actually 35% of this overall bot traffic is considered as “good”. It is made of feed fetchers, search engine bots, commercial crawlers and monitoring bots. They are considered to be good as they will help a website owner to get a better ranking in the search engines, protect its content to avoid any duplication content on some concurrent sites and make sure websites are running smoothly.
On the other hand, mobile “bad” bot traffic can be defined as any traffic that is not generated by an actual human, originating from a real or an emulated mobile device, usually in a device farm, a server, operating via emulators, or a malware program. It results in the generation of fake clicks, installs and even post-install events such as registrations or purchases. The well-known mobile measurement platform Appsflyer explains that “these programs constantly refresh their metadata, observe and learn user behavior patterns, later applying them in their activity to go under the radar of fraud protection solutions”. This makes these bad bots extremely hard to spot, as in most cases they are smart enough to learn how an actual person would act and copy the same behavioral pattern to remain undetectable.
There are 2 types of goals among these fraudsters: the ones who deliberately aim at harming the in-app experience and performed by cyber criminal organizations, and the ones who seek a monetary profit, performed by business organizations or individuals. The latter category, the most widely spread, is generating fake installs or events to get the attributed payment, from a “mobile farm” (having hundreds of real devices on a wall performing actions through a script that they developed) or emulators. They are targeting mobile advertising campaigns offering high payouts, or high possibilities of scale, in order to maximize their revenues. And they have been particularly greedy for CPA campaigns (Cost Per Action), as they have been a new market trend, offering considerably higher payouts than a regular CPI campaign (Cost Per Install). While many app developers or agencies continue to believe that moving from a CPI to a CPA pricing model is safer to prevent fraud and maximize their revenues, our experience has shown otherwise. updating it along the way to make it smarter than anti-fraud solutions. They look very similar to human traffic so are extremely hard to spot unless having a strong anti-fraud solution tailored to be smarter than them.
In 2019, yearly mobile advertising spend has increased by 20% to reach $190 billion**, which means mobile advertisers have been facing a $45 billion loss. This is considerable. If bot fraud remains stable in 2022 (it actually increased by 18% last year), as mobile ad spend is expected to grow to $280 billion yearly, bot fraud would reach an amount higher than $67 billion. While all this money loss can be avoided or at least limited by applying stronger controls and having a smarter approach than fraudsters to counter them in an agile way. For this, the first step is to be able to properly detect this bad bot traffic:
Looking at all these different data points in order to cross reference the metrics became the new normality in this industry, but not all advertisers are yet applying an automated and real time control to evict completely this bot traffic.
There are 3 main brakes among app advertisers to efficiently evict bot fraud: 1) the lack of knowledge about bot traffic and the negative impact on their user acquisition campaigns, 2) the resource and tool to properly spot it in real time, 3) a static approach to evicting fraud that does not take into account the constant evolution of fraudsters’ ways. While we have overcome the first brake in this article, let’s tackle together the second and third issues.
Manual checks will not allow an efficient barrier against malicious bot traffic, as being too static and arriving too late after the event actually happens. What is needed is the activation of a powerful anti-fraud tool, on the MMP side, but that can also be biased by a conflict of interest, thus adding an extra layer of control is always a much-needed thing. Dreamin has built its own anti-fraud solution, deploying machine learning algorithms to spot behavioral and statistical anomalies in real-time. This detection solution works on the basis of multiple data points collected and analyzed by the AI system at the same time. Once spotted, it is removed and blacklisted, while getting smarter along the way, as new types of bots arise.
*According to the survey from Imperva on “Bad Bot Report 2020: Bad Bots Strike Back”
** According to Statista.com’s survey. Source: https://www.statista.com/statistics/303817/mobile-internet-advertising-revenue-worldwide/