The meteoric rise of mobile ad fraud is enough to make any app marketer anxious. But they don’t have to be victims if they know what to look for and the actions to take.  Our host Peggy Anne Salz from MobileGroove catches up with Andreas Naumann, Head of Fraud at Adjust, the industry leader in mobile measurement and fraud prevention, for an entertaining and empowering discussion about the types of ad fraud and the signals that should prompt action. Andreas, a Mobile Hero recognized by Liftoff for his accomplishments and advocacy of an informed and balanced approach to fraud prevention, challenges popular myths and preconceived notions around tools and techniques, such as blacklisting and benchmarks, and zeroes in on what app marketers can do to disincentivize fraud. He also updates us on the progress of the Coalition Against Ad Fraud (CAAF),  a group of industry leading players in the advertising ecosystem, including major attribution vendors and ad networks, that have pledged to tackle mobile ad fraud.


Hello and welcome to Mobile Presence.  I’m your host, Peggy Anne Salz, with Mobile Groove, where I plan, produce and promote content that allows my clients to reach performance goals and scale growth.  And of course growth is what it’s all about here at Mobile Presence because this is where we get the inside track on how you can grow your app from UA experts because this is basically their daily job. 

And we’re going to switch gears for a moment because it’s not just about growth but it’s about understanding some of the pitfalls, understanding what the obstacles are and certainly one of these that you have to be aware of if you’re a UA expert or just trying out UA for your mobile app is of course mobile fraud.  So, we’re going to talk today rather with an expert in mobile ad fraud who has still earned the title of “Mobile Hero” as chosen by Liftoff, a full service mobile app marketing and retargeting platform, so we’re going to, as I’ve said, dive into mobile ad fraud but very, very interestingly we’re going to play a little bit of a game and we’ll get to that in just a moment after I welcome Andreas Naumann, he is Head of Fraud at Adjust.  Andreas, great to have you, how’s it going over there in Berlin?

It’s going really well, it’s still a bit cold but the first spring is coming around, it’s getting a little warmer and so I’m very comfortable, thank you.

Well, thank you for joining us and of course that’s the point, we want to get comfortable I think with the idea of ad fraud, we want to get familiar with the topic and we also want to understand what I’m looking forward to is a little bit of the preconceived notions and the real truth behind mobile ad fraud.  But first of course tell me a little bit about Adjust.  I mean, I know it as a mobile measurement platform, as being an expert in ad fraud, you yourself Head of Fraud there but how would you describe Adjust most recently considering you have also moved into some interesting areas?

That is a good question.  So we are definitely what is called a measurement platform, we’re doing attribution as well, that goes hand in hand but recently we are pushing into the direction of bot detection as well, so the whole anti-fraud bid has been expanded quite drastically.  And, yes, I’m really looking forward to reaping the results of that, digging deeper into a lot more additional data that we can look at to figure out how to best protect our clients from different fraud schemes.

And, Andreas, what about yourself – Head of Fraud, that’s a responsibility, what do you do at Adjust?

I do plenty.  So, I started at Adjust three years ago, January 2016, and I was a one-man show back then, I started doing all the research that our current filters are working off.  I designed those filters, I did a bit of project management getting those out of the door and then I started building a team to support all of the things that we’re doing so that we can properly answer questions of our clients so that we can support networks in figuring out what types of fraud are happening on the campaigns, how to mitigate with their partners.

So, we’re a team that is facing in all directions and we’re also doing quite some research in the security area trying to make sure that our SDK is the most secure it can be.

Well, that’s very true, you’ve been moving in a lot of different directions, I watched the recent acquisition of a company that can understand and detect bot fraud, so there’s a lot going on.  And to your point, there’s a lot of different types of fraud and I don’t want to go there because I was writing a report recently and getting into an argument actually with the client because he was like there are 6 types, and I said no, there are 8 types, he said well, I’ve read that there’s even more.  And so we’re not even going to go there, I like the way that you have developed a way to categorize fraud, you’re talking about compliance fraud which is down to maybe a judgment in many ways because it’s not necessarily black and white, and technical fraud which is pretty easy to find but maybe a little bit harder to spot.  Those are your ways of categorizing this.  How would you describe then technical fraud?

So, in technical fraud, we again have a differentiation between two different types and each of those different types have several different MOs associated to them.  The two types I am usually separating things in is attribution manipulation, so any type of fraud where there is actually a real user, there’s a real device and there’s a real action taken meaning the user actually used their device to go ahead, install an app and use it.  All of that is legit.  What is not legit in this case is the ad engagement that this action is supposed to be attributed to, that’s why we call this attribution manipulation.  So, anything that tries to spoof the ad engagement in order to get commissions for the action the real user takes and the other side of that medallion would be fraud where everything is completely fabricated from in the best case, most sophisticated case from the fraudster’s viewpoint, everything is spoofed from the impression of the click to the install, post install actions, sometimes even payment events that are being falsified because the pay off later on is still bigger than the investment made.

Wow, it sounds so frightening, it sounds really 007 here, everything is not what it seems which is what’s happening out there.  You know that, it’s a fact, you’re the expert, but is there anything that you can give in the way of telltale signs?  Even the slyest fraudster, there must be some sort of sign that something isn’t quite right – just at a high level, is there something marketers can say “That is a flag, that signals me to take action or pay attention”?

There is a couple of things that are pretty easily checked.  For instance, when you have availability of aggregated stats over a campaign time, a very, very easy giveaway that something is going wrong is if the conversion rate click to install is extremely low and by extremely low, usually I would say below 1% is cause for potential concern, so this campaign is most likely not running to the best of its abilities but if we fall below 0.1% click to install conversion rate, then it becomes really hard to argue how this is achieved with human tracking, with humans interacting with ad media how they usually do when there’s a genuine interaction between human ad media and then the product that is being advertised.

And you can turn this on its head as well and go ahead as a UA manager and start looking into the media cost or the effective media cost, right, you know what you’re paying for CPI and if you see how many clicks come in, you can derive from that how many impressions should be needed to get to those clicks and if that impression price is a lot lower than what is usually being paid in the market, then the question really arises why would that publisher go ahead and work for a fraction of the earnings that they could have just to run this campaign?

Why are they giving it away is the question?

Exactly, usually publishers seek to maximise their profits as everybody else so seeing a publisher that would work for a CPM that is a tenth of a hundredth or a thousandth of the actual price that they could run with any self-sign-up network, then it becomes really a question of why would that even happen?

It comes back to a lot of the interviews I’ve done, I’ve done dozens in the industry and it just comes again and again, you know, if it’s too good to be true, it usually is?  Is that a good rule of thumb for you, Andreas?

That is totally it, that is the number one rule – if it’s too good to be true, definitely have a look and I’m not saying that there’s not a niche for an opportunity to present itself but if it’s happening a lot and if it’s happening like constantly, you definitely have to look into those things and I would argue you’d better err on the side of caution than believe what is happening is you getting a free lunch.

And another one of course is click spam, I’m hearing so much about that and we also had Mike Paxman over here from Adjust a few shows back and he was telling us about this very scary, very scary scenario, it was around Halloween so it really fit, and how simple it is to do but not necessarily the easiest to combat, if at all.  What are your views on click spamming?  Are there actions marketers can take?

For sure.  Actually the example that we just had is for click spamming, so looking at the conversion rates, looking at the effective media cost of your sources is a good way to figure out if it is happening or not.  Fighting it proactively is somewhat hard, that is one of the things that we’re trying to figure out this year with a very new thing that we started recently which we dubbed “click validation through proof of impression” which is a mouthful but it is going in that direction, making it a lot harder to fabricate clicks by tying more rules to them and then having logic checks on them.

And also to that point, so we talked about the click spamming and you said there were two types of technical fraud.  We’ve covered one, is there something you can say about the other or is it fairly similar, again, that rule of thumb – if it’s too good to be true, it usually is?

The other one is a lot harder to spot and it’s basically an evolutionary step from click spamming, so click spamming is basically the action of trying to spam clicks, cookies, whatever the attribution point is, right, it’s a bit different on web to web and web to app and all those things.  But you’re trying to mark as many devices or users that visit your content for attribution.  So you have a user visit your website and you execute a click for them, they don’t see any advertisement, they don’t click on it but in the background you execute the click for them as if they clicked on a banner or a video and you cash in on the random chance of those people taking action after visiting your content.

With click injection, all of this becomes a lot more targeted and a lot more effective because click injection first off it’s an in-app fraud scheme, it is only available on Android because the exploits that are being used do not exist on Apple iOS devices since iOS 9, and this whole thing really just works by executing a click and injecting it, hence the name, after the user already made the decision to download and use an app.

There’s two different exploits, one the content provider exploit that allows an attacker to inject a click during the running download from the Google Play Store, so as soon the user clicked the install button in Google Play, that click can be injected, and the second exploit is at the end of the install when the app is finally installed on the device just before the icon of that new app becomes available on the home screen, there is a thing called the “package added broadcast” that lets every app on the device know that a new app has been installed on this device and that push of this information can also be used to inject click at this moment in time.

And those two things are a lot harder to figure out because we don’t have conversion rates that is pointing towards it, there is a tell tale sign if the Package Added Broadcast exploit is being used and it’s effective, then you would see a lot of installs being attributed with a very short conversion time of single seconds but that is also not something that you can rely upon because the content provider exploit is the most used one, it’s the one that is actually a lot easier to use and therefore that becomes quite undetectable unless you actually get the data points that Google made available in November of last year which gives you the time of when the user clicked the install button in the Google Play Store and then you can make sure that you do not attribute to any click engagements that happened after that moment in time.

Well, what I’m hearing here is two things, Andreas.  First of all, it’s so important to watch the signs and signals of ad fraud, it’s not simple but listeners, keep in mind you don’t have to necessarily take notes here, a lot of this is over at, they have white papers, blogs, a lot of tutorials, everything you need as sort of a crash course.  When we come back after the break, we’ll be looking at some of the myths around ad fraud and think about what you can do or what you might think you know about ad fraud after the break.  So don’t go away, we’ll be right back.

And we are back to Mobile Presence.  I’m your host, Peggy Anne Salz from Mobile Groove and we have today Andreas Naumann, he is Head of Fraud at Adjust.  And Andreas, right before the break we were going through some of the signs of fraud, it’s complex, granted, but now it’s even more exciting to go through some of the preconceived notions because ad fraud is so big for the entire advertising industry, I’m hearing figures of upwards of 50 billion in fraud, not all of that mobile but you get an idea of what we’re talking about.  So, people think they know a lot about it but in reality, there are some preconceived notions that you as an expert are going to help me go through and debunk, basically.  So the first one I’ll give you – performance campaigns, the whole idea that marketers run a performance campaign, pay for the very last click, the very last goal, the very last conversion, but it’s not that simple is it, Andreas?

It’s not.  This is actually a point that I have to discuss very often with clients of ours or with new clients or people that get interested in anti-fraud at some point in their let’s say marketing lifecycle and one of the things and this is like an extremely old myth – when I started in the industry in 2007, this was already a thing and it was already quite a misunderstanding and the reasons – I don’t want to even go into the reasons but what is happening is people get convinced that paying for a conversion point very late in the user conversion funnel is the best thing that you can do and that is true to the extent or to an extent when you can make sure that everything before that point is legit.

The problem is that mostly doesn’t happen so if you go ahead and you run a CPA campaign where you pay for a user taking a certain action like registering to a service or making a first down payment starting a subscription, then all of that is most likely real, right?  We’ve talked about that earlier with click spam but the risk here is that you will pay for a legit user using your service, paying money to you that never engaged with the advertisement that this whole interaction is being attributed to, and that is the big risk with any type of CPA campaigns or CPE campaigns depending on which nomenclature you subscribe to.

And if you have a fraudster that is really good in click spamming or click injecting, then you run the risk of paying a lot of money for your organic users that you have already paid for, right?  Organic users flock to an app because of other advertisement channels except digital mobile because you build a good product and you get word of mouth so in a sense a company has already paid for all their organics that they’re getting, it’s just that somebody likes to get paid for them one more time and usually those are being sold at a discount, so you can get a ton of those installs at a very low price so the CPE price or CPA price might be a lot lower than what other people offer you but then again you run the risk of those being actually poached out of your organic conversions and that is quite a huge risk that people don’t necessarily want to acknowledge.

So what I’m hearing here is that, you know, the conversion is a great – it’s a great event and it’s what every marketer is after but you have to look at the journey that got you there and if it all makes sense and it’s legit from beginning to end, then you can say “Hey, that’s it, it’s time to celebrate, that conversion’s real, everything is good” but what you’re telling me is that just looking at the end result isn’t always the best way, it’s not going to give you the full picture.

Exactly.  You should know where all of this is coming from and when you talk to brand marketers, to them, this is a complete no-brainer – a brand marketer will always want to know, okay, which creative drove the most engagement in which market for which target audience and that means you need to have all the information about the impressions.  You need to know what creative was used, what was the engagement times, if it’s a video network, video creative, how much of the video ran, was the sound active, all those things.

So, a brand marketer really wants to understand the top funnel analytics, how did we get the attention of the consumer that went and consumed?  And I would argue that is a very good question to figure out for performance marketers as well because you really want to know which placements work, which creatives work, what type of audience works best and to get into all of that, you need to know where the impressions happened, when they happened, how they happened and how many clicks derived from those impressions and then go through the whole funnel and when you have the whole funnel available, then checking for the validity and quality of the users that you get is a lot easier.  And it gets a lot harder to actually go and defraud a campaign that is being monitored from impression to action taken.

Well, the good news is I’m hearing at so many conferences and from interviews that performance marketing and brand marketing, they are meeting, they are mashing up, this is happening because of course we are focused deeper in the funnel where brand marketing and brand concerns or identity is so important so hopefully those two parts of the companies will continue to sort of work together and talk together because that might be a way to nip this and beat it at its own game.  So, let’s go onto myth number two – fraud benchmarks, it’s great, I love them, I’m a data geek, I read all the reports and it’s great to know, okay, what is the fraud, percentage of fraud in different countries, but the way I understand it, Andreas, that might be great for our decks and our presentations but it’s not really a great guideline to what’s going on with that traffic.  Is that your point here?

Yes, I’m very reluctant to give any data of that sort.  People always ask for benchmarks in their industry, in their app category, in their country or in the country that they want to market in next but looking at a snapshot of what happened over a period of time in the past doesn’t really give you anything for the future because fraudsters don’t operate like that, right?

Fraudsters don’t sit down and say, “I’m going to defraud strategy games in the mid-core markets and I’m going to do so in Brazil”.

I have to laugh because when you say it like that, it’s obvious that that’s absurd.

Exactly, it’s not clue, right, what they’re doing is figuring out, okay, which campaign gives me the greatest ROI, where can I get paid the most, where are the budgets completely open, where can I drive as much traffic as I can without running into cabs?  And that’s where they will go and naturally where do I get not detected for the thing that I do?  That’s the attack pattern – they want to figure out where they can make the most money with the least effort and the lowest risk of getting caught.  And if that is for mid-core strategy games in Brazil at a current moment in time, then this is true because a couple of advertisers run their campaigns unprotected and they pay really high prices because they want to penetrate the market.  That’s the risk factor.

But is has nothing to do with the industry, with the category or with the country that this happens in and I often times heard people, “Oh well, we can go into Japan because there’s no fraud”.  That doesn’t mean that if you go to Japan and you spent an ungodly amount of money with unprotected campaigns to push into the market, then there might be fraud in Japan and the next report that you read because you will get attacked.

So, yes, there is a merit to those benchmarks but I think they’re not being used as they should be.

And to your point in the other direction, I’ve been talking with a lot of people in APAC and a lot of app marketers are saying “Well, we can’t touch any of it because it’s all at some level questionable” but that isn’t the case.  There’s a lot of app marketers I’m talking with making money in APAC, in China, and everything is fine.  It really depends on how you approach attribution, how you look at the data, what you’re looking for – it’s just not one country is not completely fraudulent and another country completely clean, as you said for Japan, correct?

I completely agree, you can run successful campaigns without fraud in markets that are deemed to be inherently fraudulent, and that is exactly the thing that I feel those benchmarks create – they create a fear of going into a market and that is not necessarily a good thing, I feel.

Well, we’ve got a couple more to go through but we’re running out of time so we are going to go to a break, Andreas, but we’re going to come back and we’re going to do one more myth and then we’re going to ask you I think some questions also about the Coalition Against Ad Fraud which is an organisation that Adjust is very active in – I believe also founded, is that correct?

True, yes, it is.

Excellent, so listeners, as you can see lots of reasons to come back, so don’t go away – we’ll be right back after the break.

And we are back, back to Mobile Presence.  I’m your host, Peggy Anne Salz – our guest today, Andreas Naumann, Head of Fraud at Adjust.  And Andreas, right before the break we were having actually some fun here because if there’s something I love it’s sort of like this gameshow approach.  Number one, number two – number three in myth-busting, blacklisting – you know, it’s the idea that you can just find a fraudster, strike them off the list but you are not convinced, are you?

No, that is actually a pet peeve of mine.  Blacklisting is a tool that if you use it like it’s mostly used by a persistent blacklist, you create a database of dead information, the problem being that fraudsters that are more or less career criminals, they have no problem with getting on a blacklist because they can drop everything that they have and start anew on the drop of a dime.  They can create a new company, a new name, a new narrative around themselves and they will be back in no time and usually what we’re talking about when we’re talking about blacklisting is domains and bundle IDs for apps and usually identifiers for networks and tracking and usually those people run several accounts at the same time so they can drop them and create new ones as they need.

And whenever you have an actual legit publisher or a legit source of traffic put on a blacklist, they can’t do that – they can’t switch around their company name, they can’t come back with a new account tomorrow because everything is tied – all the relationships are tied to their identity so whoever lands on a blacklist without actually being at fault has a very, very hard time getting off it.

So, I don’t like blacklisting at all.

And it can happen, I mean, the analogy is email, right?  I’m getting emails from people, it’s every time I put them in the list that I don’t want to see it anymore, they have a different email address and I’m still getting it and then the poor people who maybe fell through the cracks and are ending up in my blacklist, I’ll never hear from them again and I guess it’s very similar in the app space. 

It is unfortunately quite similar, yes.

So, you’re doing a lot of work, obviously, Andreas, we’re having this conversation about the many types of fraud and approaches so it’s a very deep topic, it’s going to be one that is very hot in 2019 and long beyond.  And you at Adjust are doing something about this, you have founded the Coalition Against Ad Fraud.  Tell me what that is.

So, we wanted to start talking with people and in its first iteration this was only for our network partners, so ad networks, performance networks, video networks, realtime bidding networks, all of the above.  And we wanted to come together because I started my career on the network side and I know that there’s very talented, very diligent people that know how the whole fraud thing works and that don’t want to be the shady network, right?

We are right now at a time of people switching around, everybody is looking for transparency for more direct publisher relationships and we wanted to give people a forum, a platform to come together to discuss best practices around fraud detection, around fraud research.  We have very interesting people in there that sit together and share research results, that share research approaches and we want to make sure that we come to – that we create a space where this can be openly shared and that we can go ahead and have revelations as a group and we want to add advertisers to this, this year, to make sure that we can use all our findings to educate marketers in a joint fashion.

That’s actually very smart because you have all the stakeholders at the table.  Andreas, it’s an organization that is evolving but if you had to name an accomplishment or something that you’ve done in the Coalition Against Ad-Fraud to tell me this is what we’re proudest of or what is we think we can produce, this is our reason for being, what would it be?

The one thing that we produced last year over the course of 2018 is our joint document, our definitions of ad fraud, so a document that standardises the definitions and nomenclature around ad fraud so that every advertiser that knows that they’re working with any of those 25 networks that is in the Coalition, all of them speak the same language, all of them can be addressed with the same nomenclature and then they will understand what it is we’re talking about.

And that is one of the things that I feel in ad fraud is still lacking is a shared nomenclature and a shared set of definitions.  So, hopefully we can push this more and more so that at one point we are all taking the same language which is going to make it a lot easier to mitigate the problems and negotiate how to move forward.

Well, that’s really important because once we all agree, then we can do that exactly – it’s about moving forward.  And as we said before, you’re also – you’ve earned the title “Mobile Hero”, you’re not in UA so what do you think is your superpower?  Maybe you are the super negotiator or the person who has like the X-ray vision into fraud – what would you think is the reason that you got this title, Andreas?

I guess it’s because I’m nit-picky!  I look at things and I start pointing out faults pretty much immediately and that is not from – it doesn’t come from a negative space, it’s just like, “Oh, we could do this better, we could do that better, this could actually be made this way.”  And the same happens when I – and this is how I fell into this whole career is I looked at statistics for campaigns and accounts and thought, “Well, those things don’t make sense, why do they not make sense – what people taught me, it should look like this, why is it not looking like that?”  And I dug into it and that is what got me here.

I think that’s an admirable trait that you need in your industry because that’s just it, as we said before at the very top, you have to look at the data – if it looks too good to be true, it is and you have to have that type of precise mind, razor-sharp approach to this to figure it out.  So I can see the fit, I can see your superhero power coming through, Andreas.  In the meantime, our listeners are probably saying, “Hey, I didn’t take notes but I was really into this”, we know that they have to go to the blog and check out what you’ve written there and whitepapers and what have you, but how can they keep in touch with you, perhaps, if they want to keep up with you and maybe what you’re writing personally?

I’m pretty easy to follow on LinkedIn, that’s the only social network that I frequent, that’s actually not true, I also have a Twitter account but I never look into it.

We know now, LinkedIn is the place for you.

Exactly, LinkedIn is where you can find me and get in contact and everything that I write shows up on the Adjust blog and we also have a CAAF section on the Adjust website so everything that is new around CAAF can be found there.  And I usually make it a habit to make sure that whenever I write something new, I also post it on LinkedIn for convenience.

Excellent, so we’ll have those in our show notes and of course listeners, if you want to read up on Andreas or any of the other Mobile Heroes in the series, you can check out their dedicated page over at

And if you want to keep up with me throughout the week or find out more about how you can be a guest or sponsor on Mobile Presence, then you can email me,, Mobile Groove is also where you can find my portfolio of content marketing and app marketing services. 

And that, my friends, is a wrap until another episode of Mobile Presence.  In the meantime, you can check out this and all earlier episodes of our show by going to or you can find our shows on iTunes, Stitcher, Spreaker, Spotify and iheartRadio simply by searching Mobile Presence.  So until next time remember, every minute is mobile, so make every minute count.  We’ll see you soon.