Click Validation

Click validation is a fraud prevention technique that requires ad partners to confirm that each click is legitimate by matching it with its associated impression data. By matching impressions with clicks, this confirms that the ad was actually shown to a real person. Given that click fraud is a massive issue that costs marketers tens of billions of advertising dollars each year, click validation is one of many fraud prevention techniques that can help ensure ad spend is actually going to real users.

In the case of real users clicking on ads, logically the user must first be shown the ad and an impression should be recorded by the ad network. Despite this simple logic, advertising platforms are currently able to record click data without providing the attribution or mobile measurement partner (MMP) with a validated impression associated with the click. Click validation attempts to solve this by introducing a new mechanism, which as discussed in our guide on the subject works as follows:

• Each time an ad network serves an ad it also fires a callback to the MMP with a unique ID that the MMP can authenticate
• After a user clicks on an ad, the click’s callback would include the impression ID and be sent to the MMP for validation
• The click would then be validated by ensuring there is an impression with a matching ID and parameters (i.e. device ID). Validation would also involve ensuring that each impression didn’t lead to numerous clicks and can involve further statistical analysis to look at the time between impression and click, and so on.

In theory, there have been claims that click validation performed this way would eliminate app install fraud entirely or at least make it very difficult to do. In practice, however, there are several weaknesses of click validation that can still lead to fraudulent activity.

In particular, a few of the most notable weaknesses of click validation include:

• Adoption: First, for click validation to work it requires adoption from the platforms that serve ads. Specifically, for click validation to truly eliminate app install fraud, it would require industry-wide adoption from basically all networks and affiliates to share their click and impression data. Unless click validation becomes the industry standard, this level of adoption is highly unlikely.
• Click spamming: The next weakness with click validation is that a marketer’s budget can still be susceptible to click spamming as Singular has found more than one case in which attackers were able to include click injection and spamming code in the ad-serving entity’s SDK.
•  Click injection: Finally, proponents of click validation say that it can solve the issue of click injection, although in reality, this problem has already been solved for more than two years. As highlighted in our blog post on the topic:

“Fraudsters have long ago found better methods than relying on the install broadcast and can now spot installs before they happen or at the same time the user presses the install button and the app starts to download. In both cases, that means that most of the time, attackers will have ample time to “serve” a new fake impression and then report a click.”

As these weaknesses highlight, there are better ways than click validation to prevent fraud and ensure that ad budgets are going to real users.

Singular’s fraud prevention solution is built by a team of skilled cybersecurity scientists that use more prevention methods than any other solution on the market. In particular, a few of the fraud prevention techniques provided by Singular include:

• Android Install Validation
• iOS Install Validation
• Android Click-Injection Prevention
• Android Organic Poaching Detection
• Blacklisting
• Geographic outliers
• Short time to install (TTI)
• Hyper-engagement

You can learn more about each of these fraud prevention techniques here. In summary, by taking a proactive approach to block fraudulent activity, marketers can be sure their ad spend is going to real users and driving the highest ROI possible.