移动互联网(mobile advertsing )推广中的欺诈流量(Fraud),你真的都知道吗?
前言
今天的主题是聊聊推广过程当中的欺诈流量。内容很干,知识点很多,慢慢看,慢慢看。
希望通过这篇文章可以让你对移动互联网推广中的欺诈流量有一个全局的认识,尤其是第一部分的参考链接是涵盖了欺诈流量的方方面面,后续的内容都是围绕这里面提及的方方面面展开的。
移动互联网广告欺诈
可以看到现在移动广告营销的花费逐渐递增,且增幅很大,但是保守估计每年因欺诈损失数十亿美元,目前估计每年损失 65 亿美元至 190 亿美元 (数据来源:eMarketer)。
所以负责任的营销推广人员应该熟悉推广过程当中的欺诈流量,将预算花在刀刃上。
因为Wherever the money is – fraud will likely be there.
在线广告欺诈(欺诈流量)故意操纵转化流和转化路径中的各个方面,以窃取广告预算。然而,无效流量只是超出活动规则和广告商预期的流量。无效流量的例子:非目标国家、超出规则外的流量来源(例如成人、激励类)、诱导性素材带来的流量等等。
参考链接:
https://www.appsflyer.com/resources/guides/mobile-ad-fraud-for-marketers/
Emulated devices
关键词:PC程序化、模拟设备和操作系统
Emulated devices, sometimes called device emulators, are programs running on computers that simulate devices and operating systems.
模拟设备允许开发者可以在不同设备,不同机型不同操作系统去测试app的运行情况,因为模拟设备可以快速便捷省成本的验证结果。但同时也会被利用做一些欺诈行为。
参考链接:
https://www.appsflyer.com/glossary/emulated-devices/
Fake users
关键词:Real users
大白话讲就是并非真实用户(Real users),常见的就是Bots 和Phone farms。具体的行为就是device id reset, emulated devices,以及Click farms。
参考链接:
https://www.appsflyer.com/glossary/fake-users/
Bots
关键词:软件程序,预定程序,真机或模拟器或恶意软件
以基于设备的Bots来讲,对于一些开源的SDK或者安全防护等级较低的SDK容易被攻击,A就可以模仿B,代表B去发送点击、安装甚至应用内事件。
A bot, in the most general sense, refers to an autonomous program designed to carry out pre-determined tasks over the internet. While the tasks run by bots are typically simple, over time these software programs have been developed to tackle increasingly complex things – both good and bad.
如何阻止移动欺诈机器人?
闭源 SDK:确保您的归因提供商的 SDK 依赖于闭源技术。与开源 SDK 不同,封闭源代码对于欺诈者来说更难解压和模拟,因为他们的代码不会公开供任何人审查和逆向工程。请务必检查您的应用中使用的所有 SDK,如果其中一些应用了开源技术(尤其是归因 SDK),则这可能是安全漏洞。
SDK 安全措施(例如散列或唯一令牌)有助于实时阻止机器人活动。使用归因提供商的最新 SDK 版本将确保您拥有最新的安全更新,并与已知的机器人程序策略保持一致。
机器人签名:欺诈解决方案维护实时机器人签名数据库,自动将已知签名列入黑名单并阻止所有活动。
识别行为异常:例如遵循相同或程序化的非人类行为模式的高密度安装。
参考链接:
https://www.appsflyer.com/glossary/bots/
Blacklist
A blacklist in the world of mobile fraud describes a database of known fraud signal providers.
一般反作弊的归因平台都会有Blacklist的数据库,去比对筛查屏蔽Blacklist里面的作弊流量源,并且不断更新数据库。Blacklist维度:Device id, bots signature, IP address。
参考链接:
https://www.appsflyer.com/glossary/blacklist/
Phone farms (Device farms)
A phone farm is a physical location where criminals force repeat actions – such as ad views, clicks, registrations, installs, and in-app engagement – to create the illusion of legitimate activity, draining advertising budgets.
参考链接:
https://www.appsflyer.com/glossary/phone-farms/
Click farms
关键词:物理位置
Click farms, in the most general sense, refer to any physical location set up with devices to generate clicks, in bulk (and usually not for good purposes).
参考链接:
https://www.appsflyer.com/glossary/click-farms/
Device IDs
关键词:唯一,匿名(不会有用户的个人信息)
A device ID is a unique, anonymized identifier made up of a combination of numbers and letters that is associated with a single mobile device: a smartphone, tablet, or a wearable such as a smart watch.
Device ID分了两种:安卓机是GAID, 苹果机是IDFA。
IDFA纯大写字母,GAID全小写,但数据格式是一样:
在IOS 14.5以后,只有用户同意的情况下,app主和营销人员才可拿到IDFA的信息。否则一律是拿不到的。
参考链接:https://www.appsflyer.com/glossary/device-id/
大事记:
苹果在21年4月宣布ATT,也就是ios14.5后,默认是不打开IFDA的,除非用户同意,同年6月Google也宣布在21年底也实行了同样的政策,在安卓12以后,如果用户选择关闭定制化广告后,GAID就变成了一串0。
google现在发布了替代方案,叫做privacy sandbox,其主要功能是实现保护用户在线隐私。
操作系统给了用户权限去重置Device IDs,而重置后重新下载app,又会被计算为新的用户。整个过程就是重置、卸载、再安装,不断重复然后规模化,就成了phone farms, click farms。
Device IDs were (and still are) used by both operation systems as a way to better understand users and their journey while anonymizing personal information as well as clicks, installs, etc.
GAID
关键词:安卓机设备ID
参考链接:
https://www.appsflyer.com/glossary/gaid/
IDFA
Identifier for Advertisers, or IDFA for short, is a unique, random identifier (device ID) that Apple assigns to every iOS device. An IDFA would be the equivalent of a web cookie, in the sense that it enables advertisers to monitor users’ engagement with their ads, and keep track of their post-install activity.
参考链接:
https://www.appsflyer.com/glossary/idfa/
Install hijacking
关键词:安装劫持,移动恶意软件,劫持归因
Install hijacking is a class of mobile fraud that uses mobile malware to hijack attribution for an install. Install hijacking is a broad term which includes “click injection”, “referrer hijacking” and click hijacking.
安装是真实的,但是从real users劫持来的归因,通常点击发起行为都是隐藏在其他合法的程序中的,然后在感知到有用户有点击行为时会发出点击。
从上图可以看出,此类行为,通常表征为CTIT会有异常。
参考链接:
https://www.appsflyer.com/glossary/install-hijacking/
CTIT
Click to install time, or CTIT for short, describes the interval of time between when user clicks on an ad and an app is opened. It’s a very handy metric to look at in detecting and preventing mobile ad fraud perpetrated by bad actors looking to fake last clicks.
参考链接:
https://www.appsflyer.com/glossary/ctit/
Click flooding
关键词:last click, 大量点击
特征:点击大,转化率低,多触点归因
Click flooding is a type of mobile ad fraud that occurs when networks intentionally report a large number of fraudulent clicks in hopes of taking credit for the last click before an app install happens, so that they can take all the credit.
有一个可参考的数据:一般的app推广过程中,一小时内的安装占据75%,24小时内的占据94%,CTIT较长的一般是视频广告和大型应用程序广告。
参考链接:
https://www.appsflyer.com/glossary/click-flooding/
Mobile malware
关键词:恶意软件、窃取用户敏感信息、发送虚假流量
Mobile malware refers to a type of harmful software designed to gain access to mobile phones and tablets via ads or apps aimed at stealing sensitive data, misusing device functions, holding a device ransom, and even generating fake traffic.
参考链接:
https://www.appsflyer.com/glossary/mobile-malware/
最后
营销推广,学海无涯。
评论
发表评论