SDK Spoofing
What is SDK spoofing?
Also known as traffic spoofing, SDK spoofing is a type of mobile fraud in which fake app installs are created with data from real devices, without any real installs actually taking place. Fraudsters use a real device to create installs that look legitimate in order to steal a marketer’s advertising budget.
Want to ensure SDK spoofing doesn't happen to you?
Learn how Singular’s fraud solution can help
Uses of SDK spoofing
To carry out this type of mobile fraud, attackers break the SSL encryption protecting the communication between a software development kit (SDK) and its servers with what’s referred to as a ‘man-in-the-middle attack,’ which Veracode describes as:
… a type of eavesdropping attack, where attackers interrupt an existing conversation or data transfer. After inserting themselves in the “middle” of the transfer, the attackers pretend to be both legitimate participants.
After this initial attack, the fraudsters simulate a variety of events such as installs, clicks, in-app purchases, and other valuable actions. The goal of testing these actions is to learn which URL parameters trigger them so that they appear legitimate. Once they’ve determined these URL parameters, fraudsters can send these URLs repeatedly to the SDK, which will then recognize each one as an install event.
As highlighted in our guide to app install fraud:
Mobile marketers place software (an SDK) from a Mobile Measurement Partner (MMP) in their apps to monitor and measure the results of their marketing. In SDK spoofing, no app is ever actually installed … but an install is being reported to the MMP and potentially other analytics providers by faking the SDK’s traffic.
If successful, SDK spoofing can result in advertisers paying for thousands of installs that never actually occurred. To prevent SDK spoofing, many mobile marketers rely on MMPs to put fraud prevention techniques in place so that their marketing budget is spent on real users.
How Singular prevents SDK spoofing
SDK spoofing is just one of the techniques used by fraudsters in order to carry out app install fraud. Since the goal of SDK spoofing is to fake the traffic from an MMP’s SDK, one way that MMPs like Singular prevent this is by using SDK message hashing in order to protect messages sent between the two parties.
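The page does not describe Singular's hashing scheme, so the following is an added example rather than Singular's code: a generic keyed hash (HMAC-SHA256) over install-event parameters, with a timestamp and nonce, showing a server rejecting an altered or repeatedly sent event. The secret, field names and sample event are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlencode

APP_SECRET = b"constructed-demo-secret"  # assumption: per-app secret known to SDK and server
MAX_SKEW_SECONDS = 300                   # assumption: allowed clock drift for an event


def canonical(params: dict) -> bytes:
    """Serialize parameters in sorted order so both sides hash identical bytes."""
    return urlencode(sorted(params.items())).encode()


def sign_event(params: dict, secret: bytes = APP_SECRET) -> str:
    """SDK side: HMAC-SHA256 over every parameter of the event."""
    return hmac.new(secret, canonical(params), hashlib.sha256).hexdigest()


class EventVerifier:
    """Server side: accept an event only if it is authentic, fresh and not seen before."""

    def __init__(self, secret: bytes = APP_SECRET):
        self.secret = secret
        self.seen_nonces = set()  # a real service would use a shared store with expiry

    def verify(self, params: dict, signature: str, now: float) -> str:
        expected = sign_event(params, self.secret)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "rejected: bad signature"       # any changed parameter lands here
        try:
            ts, nonce = float(params["ts"]), params["nonce"]
        except (KeyError, ValueError):
            return "rejected: missing or malformed field"
        if abs(now - ts) > MAX_SKEW_SECONDS:
            return "rejected: stale timestamp"
        if nonce in self.seen_nonces:
            return "rejected: replayed nonce"      # the same URL sent a second time
        self.seen_nonces.add(nonce)
        return "accepted"


def demo() -> list:
    now = 1_700_000_000.0
    event = {"event": "install", "device_id": "constructed-device-01",
             "ts": "1700000000", "nonce": "n-0001"}  # constructed sample event
    sig, v = sign_event(event), EventVerifier()
    altered = dict(event, nonce="n-0002")  # parameters changed, old signature reused
    return [v.verify(event, sig, now), v.verify(event, sig, now + 1),
            v.verify(altered, sig, now + 2), v.verify(event, sig, now + 3600)]
```

A secret shipped inside an app can be extracted, which is why hashing appears on this page alongside other checks rather than as the only control.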
In addition, Singular checks the Google Install Referrer on Android and any SKAdNetwork postbacks on iOS to ensure that reported installs are real installs.
As discussed in our guide on SDK encryption, aside from SDK message hashing, Singular secures the mobile attribution of our SDKs with the basics such as using a closed source SDK and SDK encryption. In addition, we’ve developed proprietary techniques for both iOS and Android that rely on a “chain of trust.”
This chain of trust ensures that devices that are communicating with Singular’s server are real devices owned by real users.
In addition to preventing SDK spoofing, Singular is a leader in fraud prevention and has saved our customers hundreds of millions of dollars in ad spend that would have otherwise gone to fraudulent activity. Ultimately, our goal is to ensure that your ad budgets are focused on real users in order to generate the highest ROAS possible.