Fraudsters go where the money is. That said, it’s no surprise that digital advertising is a major battleground for fraudulent activity as it generates billions of dollars each year. Fraudsters also target new markets and technologies where they can wage the greatest impact. The total cost of ad fraud is predicted to reach $87 billion by 2022.

On top of the fraud types that are most commonly known in user acquisition, there have been reports of a new type of fraud called “mobile retargeting fraud”. But before we get to that here is a rundown of each main fraud type for review:

Major UA Fraud Types

  • Click Spamming - This occurs when a fraudster simulates a high number of clicks from users who haven’t made them. This is done by executing clicks while the user engages with the app or even while active in the background. Abnormal click-to-install-time (CTIT) rates detect this type of fraud.
  • Click Injection - This is a more sophisticated form of click spamming. It occurs when a fraudulent app creates fake clicks as app installs are taking place. These fraudulent apps then get attribution credit for the install. Abnormal click-to-install-time (CTIT) rates also detect this type of fraud.
  • Bots -  This consists of mobile fraud bots that run off servers and simulate actions. These include ad clicks, installs and in-app engagement. Bots can also run off real mobile devices or malware located on a user’s device. Apps with open source SDKs can be subject to the device-based bot activity which uses a tactic called SDK spoofing. Spoofing impersonates click, install, and in-app event reports on behalf of another app. Behavior anomalies such as high densities of installs that follow identical, non-human behavioral patterns identify this type of fraud.

Debunking Mobile Retargeting Fraud

Recent articles from industry players have highlighted a new type of fraud rearing its ugly head: retargeting fraud. While it would make logical sense that as app marketers shift more dollars to retargeting (65% of advertisers across all verticals have increased their retargeting budget since Q1 2018) that fraudsters would innovate to target that realm of activity, we want to be clear about the real nature of this “new” type of fraud. 

Simply put, the risk of fraud in retargeting is very small for reasons we will explain below. In the few cases that it might occur, it takes the form of one of the fraud types above. In short, retargeting fraud is nothing new and given the down-funnel nature of the retargeting process, it’s of little risk to marketers.

Why Mobile Retargeting Fraud is Unlikely In the First Place

Mobile app retargeting refers to ad campaigns that target people who have previously downloaded and visited your app. Based on specific user behavior, personalized ads are served to encourage users to re-engage, re-install, or complete a down-funnel conversion.

To undertake the retargeting process successfully requires first-party data and an intricate set of steps on the part of the marketer. Here’s an example flow:

A user browses a shopping app and intent data is captured at each event level. The user finishes browsing and starts playing a gaming app. This game app also happens to be in the retargeting partner’s publisher network. The user’s intent is calculated and the impression is purchased. Then a product recommendation is determined and an ad is designed and served in real-time. The ad displayed shows a picture of the product the user previously viewed, as well as other product recommendations based on their browsing behavior. When a user clicks on the ad, a deep-link takes them back into the shopping app to complete the purchase.

To undertake retargeting fraud would require the step-by-step simulation of each of the steps noted above. This includes the initial app engagement to intent behavior that targets them for re-engagement and final purchase. 

Here are some reasons why the successful simulation of this process would be unlikely:

Fraud is Agnostic, Retargeting is Not

In retargeting fraud, there is no such thing as “fake users”. To be retargeted for an ad, they must show engaged behavior that would suggest a higher likelihood of a down-funnel action. Mobile ad fraud, as it stands, simulates the acquisition of new users. Whether that be by simulating clicks or installs, the fraudulent activity is agnostic to whether the user is highly-engaged or not. It doesn’t distinguish between users who exhibit behavior that would indicate they are more likely to make a final purchase or users who are just clicking on ads with no real intent-to-purchase.

In contrast, the basis of retargeting is to evaluate, isolate and re-activate only the users who have shown high intent to take a down-funnel action. Logically, this requires a higher level of sophistication and investment. This higher investment is also less likely to be profitable for fraudsters in the long run.

Fraud is “Perfect”, Human Behavior is Not

YouAppi’s proprietary anti-fraud algorithm detects and flags fraud. Oftentimes the fraudulent activity is marked by very static, specific, and exact measurements. Our algorithm identifies these suspicious patterns at the individual user level. When fraud occurs, it’s usually click farms or bots undertaking user behavior “perfectly”. From one event to the next, it’s very quick or it all happens at a certain time of day. In contrast, real human mobile behavior is “imperfect”. It’s random, sporadic and disorganized. The messy behavior is usually the mark of real behavior. Anything that looks too organized. is the mark of fraudulent activity.  Examples could be actions that take place at the same time of day or when there are no events at all.

Fraud Sits at the Top of the Funnel, Retargeting Does Not

Since retargeting qualifies ad spending by only investing in re-engaging users who have exhibited a high likelihood of taking down-funnel actions, logically, mobile retargeting fraud would also shift potential fraudulent activity down the funnel. In UA fraud, click farms and bots mimic the install and open of an app to get paid. But as you move down the funnel, figuring out the actions that will result in a payout is harder for fraudsters. 

Take a game app. There are so many different events that marketers might tie to overall performance. These events could include gathering coins, reaching a certain level, watching a sponsored ad. Likewise, in retargeting, there is a multitude of events advertisers might identify as a measure of user retention. 

Additionally, only real users are retargeted using first-party data. At YouAppi, we describe our retargeting platform as a “UA blanket” that sits as a layer on top of advertisers’ UA efforts to further verify their traffic sources for acquiring new users. This also enhances their marketing efforts as they flow users down the funnel from install to engagement to re-engagement and acquisition.

Realistically, for fraudsters to get a payout, they would have to access millions of devices and use them over and over again to mimic specific “retargetable” behavior. 

Other Fraud Controls 

Along with these reasons, here are some other control mechanisms for fraud at the user acquisition level:

CPA Campaigns

Any campaign that works on a CPA pay structure has the added protection of eliminating the chance advertisers will get paid out for illegitimate engagement. At YouAppi we work on an effective CPA (eCPA). This calculates what it actually costs you to reach your goal, whether that goal is an action, a lead, or a visitor. If you pay on an impression or click basis, there’s a higher chance of paying for actions that cannot be tied to conversion goals. Sticking to a CPA model means only paying for actions that lead to down funnel goals. This eliminates the likelihood of fraud. 

Incremental Lift Analysis 

Incrementality has become the gold standard for measuring ad campaign success. This allows marketers to more effectively allocate ad spend by evaluating the percent of conversions received as a direct result of an advertising campaign. It also helps vet fraud early on in the campaign process. Before we launch a campaign, we randomly select a control group. The group includes 10% of users. We then test the group's actions for high-quality in-app engagement such as conversions, payments, average order value (AOV), and conversion rate (CR). This testing validates the actions we take within the target group. It also verifies that the user populations we are targeting are not fraudulent since such high engagement actions would not occur otherwise.


Most MMPs have their own fraud detection tool kit that flags suspicious activity. These tools combined with marketing partners’ own reporting mechanisms control for the incidence of fraud. Some MMPs provide a proprietary fraud protection suite that flags suspicious activity based on various measurement points.


Any partner that has direct partnerships with SSPs has an additional layer of fraud protection built into their model. Since all the major SSPs (for example, Google, Vungle, Applovin, Mopub, Unity to name a few) have their own fraud prevention mechanisms, this adds an additional layer of fraud protection for marketers. 

Direct RTB Partnerships

Partners with direct RTB partnerships with suppliers like Samsung or Activision are fully transparent. This allows marketers to know where they are buying and what they are buying. Again, this controls for fraud. 


With an RTB campaign, the value lies in the ability to have 100% transparency. Again, the likely incidence of fraud given this transparency is very small.

How to Prevent Mobile Retargeting Fraud

The good news is there are a range of fraud prevention tools available to help you better monitor fraud in your campaigns. Working with trusted partners who can recommend anti-fraud platforms and trustworthy media sources is key. Also working with partners with full funnel capabilities that can share impression logs, IDFA, and the publisher’s data on impressions and clicks can help you better spot fraud in your funnel. Finally, choose partners with MMP integration so they can compare activity flagged by their proprietary fraud tools. The combined efforts of your marketing stack partners, all with the end goal of client success, is the key combatant to fraud.


The total cost of ad fraud is predicted to reach $87 billion by 2022. While recent articles from industry players have highlighted the emergence of retargeting fraud it’s, in fact, overestimated and nothing new. In the few cases that mobile retargeting fraud might occur, it takes the form of fraud that we know (and hate) such as click spamming, click injection or bot fraud. That said, given the down-funnel nature of the retargeting process, it’s of little risk to marketers.