Skip to main content

30-Minute Webinar | Why Strategic Losing Can Be a Winning Strategy on ASA. Nov 21 at 4PM London / 8AM PST

Click Injection Unmasked: An Impact Assessment of Google’s Install Referrer API

By June 18, 2019August 18th, 2022News & Updates, Fraud Prevention 13 Min Read

Over a year and a half has passed since the release of the Google Play Install Referrer API that has given app developers and measurement providers a new level of insight into the exact timing and activity surrounding a user’s install. One data point provided by the API was the Install Begin Timestamp, the exact moment down to the second when the app install begins.

One of the biggest impacts from this new data was the ability to combat forms of click injection. A fraudulent tactic used to hijack install bounties, click injection occurs when malware on a device detects ad interactions and/or app store activity and injects fake clicks to steal attribution credit for an install.

Last year, a Buzzfeed article using Kochava research exposed several apps as participants in a massive click injection scheme. The article prompted an investigation by Google and the subsequent removal of several apps from its Play Store. With the data available from the Install Referrer API, most of the tactics deployed in this scheme were both detectable and preventable.

So, what have we learned over the past 18 months from the data revealed by the Install Referrer API?

To begin, let’s recap what changed with its release.

Before Install Referrer

Before Google Play Install Referrer

Before the Install Referrer API provided the Install Begin Timestamp, Kochava (and other measurement providers) only had visibility into a user’s first launch of an app, which triggered the initialization of our software development kit (SDK). This initialization was our first visibility to the app’s presence on the device and as such, it acted as the “install” event. The timestamp of the first open/launch was used for attributing the install back to a click.  

Because users don’t necessarily launch the app directly after completing the install, the first open time was inherently flawed as an indicator of when the install actually occurred. The unknown time gap between click and actual install provided an ideal click injection window for fraudsters to take advantage of.

To combat click injection, Kochava developed sophisticated time-to-install (TTI) algorithms to identify anomalous patterns between click and first open times and in order to flag suspicious outliers.

After Install Referrer

Before Google Play Install Referrer

After the Install Referrer API release, Kochava could gather the exact Install Begin Time (the moment the user entered the app store and clicked the “Install” button).

Google Install Begin Time

Kochava created new functionality that allowed marketers to override the use of the first open time and instead use the Install Begin Time. This removed reliance on the timestamp of the first open/launch event.

As a result, every click injected after the Install Begin Time could be disqualified from install attribution.

Because the Install Referrer API is called during initialization at the time of first launch, we still receive and process all of the injected clicks. When the Install Referrer API returns the Install Begin Time, it becomes clear which clicks are injected.

Painting a clearer picture of install attribution fraud

The simple availability of the true Install Begin Time has given a fuller view into the prevalence of fraud in the ecosystem.

When enabling the Kochava feature to override the first open time with the Install Begin Time, certain customers have experienced up to a 90% drop in attributed installs for their app. This indicates that a great majority of their media mix was perpetrating click injection and/or click fraud against them. These marketers haven’t lost total installs but rather saw their organics jump significantly. Click injection had been sniping organic installs, and switching to Install Begin Time saved the customers significantly on falsely attributed installs.  

Other apps have not noticed a large drop in attributed install volume but experienced a shift in which networks are winning the attributions, indicating that click injection tactics of some partners were stealing installs from others.

A Real-World Example

Let’s unpack a real-world example from a top Play Store app. In analyzing a specific install we saw:

  • Network A sent Kochava a click at 22:55:57
  • The user was redirected to the app store.
  • The user began downloading the app at exactly 22:57:00.
  • The download and install finalized at 22:57:17.
  • Kochava received a click from Network B at 22:57:26.
  • The first open of the app occurred at 22:59:00.

Without the Install Referrer API providing the Install Begin Time, Network B would’ve won attribution as the last click prior to the first open event. With the Install Referrer API, Network A is properly awarded credit, as the Install Begin Time precedes Network B’s injected click.

Kochava can also determine where this type of click injection occurs at scale across media partners and/or sub-publishers, helping marketers make more informed media spend decisions. The anonymized data below illustrates the analysis that’s now possible because of the Install Referrer API.

This first chart displays injected click volume compared to total click volume by network partner. Partners that heavily over index in injected clicks should raise warning flags.

Click Injection Analysis

Kochava can even help marketers determine which sub-publishers within such networks are the main culprits of the injection traffic. Marketers can then work with their partners to remove or block offending sources.

GRIT GRAPHICS graph

Taking advantage of the Install Referrer API

Kochava provides a myriad of benefits to marketers through the new Google Play Install Referrer API.

Marketers can enable the use of the Install Begin Time to override the first open time, providing a far more accurate timestamp of the actual install. This in turn significantly reduces vulnerability to fraudulent click injection tactics.

A click referrer time is also provided by the Install Referrer API, dictating whether an actual ad click preceded the user’s landing in the app store. Within Kochava Traffic Verifier, marketers can choose to require a click time be present in order to allow any click attribution.

IMPORTANT: If you currently use the minimum time to install (MTTI) function of Kochava Traffic Verifier, please check with your Client Success Manager before enabling use of Google’s Install Begin Time.  

What do you need to do?

Marketers can easily make use of these features in Kochava but first must ensure that an app’s Google Play Services Library dependencies are updated to support this new API. This is what allows the Kochava SDK to gather Install Referrer data and put it to work on your behalf.

For more information or to ensure you’re taking advantage of the Install Referrer API, please contact your Client Success Manager.