Protect your campaigns from ad fraud by detecting device spoofing and in-app mobile emulators that push fraudulent traffic, invalid clicks, and fake installs.
Device Spoofing is a popular affiliate fraud tactic for fraudsters to create fake clicks and submit fraudulent leads, installs, or purchases with human-like behavior. The digital advertising and eCommerce industries are mainly targeted by this type of fraud, which IPQS considers a very advanced technique. Fraudsters have many tools at their disposal to facilitate device spoofing, such as residential proxy networks like Vip72, session management tools like Multilogin, and even emulators that can mimic device signatures. In-app Spoofing is just as effective as browser spoofing — which are both designed to quickly rotate fake devices that appear as real human-like behavior.
It can be a challenge to detect browser spoofing, especially when cybercriminals and abusive publishers blend invalid traffic with real traffic sources. Using a combination of device fingerprinting and bot protection, IPQS can reveal fake traffic and invalid devices in real-time without impacting the user experience for legitimate users.
What is Mobile In-App Spoofing?
Mobile emulators facilitate in-app spoofing such as MEmu, Android Studio, ARChon, Bliss OS, Bluestacks, Gameloop, Genymotion, LDPlayer, Phoenix OS, and much more. These programs can be used to broadcast a real Android device's signature from any Windows based PC. These apps also have settings available for SDK spoofing and to adjust the graphics card, CPU processor, ISP, GPS data, hardware IDs like IMEI, platform IDs like Android ID, and even alter the device's make and model. Pairing this with a residential proxy can also quickly change the IP address and the associated ISP and geo location data. Unlike typical device spoofing, mobile emulators tend to focus on Android devices, however they can also mimic iOS devices such as iPhones and iPads.
Mobile Device Fingerprinting offers the best solution against mobile fraud including mobile emulators and iOS or Android app spoofing. By analyzing data directly from the user's device, it's possible to identify anomalies and irregular behavior patterns.
Detecting device spoofing is where it gets tricky for fraudsters as their skills determine how successful they will be at in-app spoofing. Legitimate mobile devices will broadcast appropriate settings for their operating system, browser, and specific settings enabled through their OS. IPQS analyzes a device signature to determine if it matches the expected profile settings. Our threat research has shown that very advanced cybercriminals will display the correct system settings for the device they are spoofing — so we've paired this analysis with deep fingerprinting techniques to ensure that even the most advanced in-app spoofing tactics can always be prevented.
How to Detect Emulators & Device Spoofing?
Device Spoofing can be easily uncovered by using device fingerprinting techniques with JavaScript or an SDK app, which analyzes device settings like resolution, fonts, graphics cards, browser plugins, OS, CPU processor, cookies, and over 300 data points. The data provides precision insight into any software which may be enabled for device spoofing that could contribute to click fraud and fake impressions or installs. Detecting emulators is conducted in the same fashion, with the user's settings often revealing inconsistencies in a browser or mobile device's settings.
IPQS also analyzes user behavior to detect non-human traffic and automated requests. This analysis is crucial for identifying high risk behavior patterns that could indicate a click farm or fraud ring is targeting a specific app or ad campaign.
How to Protect Against Location Spoofing?
While using mobile emulators for mobile apps or even browser spoofing techniques, GPS data can also be faked for location spoofing. For example, a user in China can force their GPS data to display New York City, USA. It's also easy for high risk users to obtain a proxy or VPN connection for major cities like NYC, LA, Miami, and practically anywhere in the US or abroad.
It's well known that primary countries like the US, UK, AU, CA, and Europe have higher bid rates so it's in the best interests of fraudsters to engage in location spoofing. IPQS prevents location spoofing by detecting proxies with unrivaled IP address reputation data.
Score Your Traffic in Real-Time with IPQS
Solutions for Device Spoofing
While fraudsters vary in the sophistication of their techniques, IPQS can always detect non-human traffic, emulators, and device spoofing by analyzing the behavior through a JavaScript tag or by using our Device Fingerprinting SDK service. In addition to the methods mentioned in this article, the following methods are helpful for traffic quality analysis:
- Velocity Scoring - Large traffic bursts during non-peak hours and activity by the same device profiles are a great indication of invalid traffic (IVT).
- Bot Fingerprinting - Analyzing the device for signatures of bot activity and non-human behavior is helpful to understanding if a click, impression, or install has originated from a real human
- Device ID Resetting - Click farms frequently engage in ad fraud and then reset their device ID and change device signatures all in a matter of seconds. It's wash and repeat for these cybercriminals which repeat the same behavior 24 hours per day. Some click farms have been found to produce over millions in fraud just from a single group of users with spoofed devices.
- Detecting Emulators - IPQS scores hundreds of millions of clicks per day giving us great insight into how a specific device should behave based on their OS, browser, and platform. This makes it easy for our machine learning algorithms to identify emulators with in-app spoofing.
IPQS provides comprehensive protection for even the most sophisticated methods of device fraud for both desktops and mobile devices. Integration is a breeze for all major ad platforms and even your own app or site with just a few clicks. Grab a free API key to get started now.
