Fraud Squad Field Notes is a multipart series that will cover a variety of topics related to user fraud and waste within mobile app marketing. With insights directly from the mCent fraud team, we will discuss industry trends, methodologies, and share observations from our audience data.
Mission: Free Internet
mCent is unique in the app distribution industry.
At its core, mCent matches the “next generation” of mobile users (in particular those with limited means to pay for mobile connectivity) with app developers interested in reaching a new and engaged audience. As a result we’ve created a highly scalable model that allows advertising dollars to subsidize the cost of data to consumers (the coveted “win-win”).
Every user that we drive to our clients is a registered and verified member of our platform. They regularly engage with mCent by referring others to join, finding new apps, or even taking advantage of new features such as messaging. These users-many of whom are coming online for the first time-trust mCent to deliver high quality apps along with free data, and our clients in turn see mCent as an effective channel to reach an entirely new audience.
Because of the uniqueness of our users and offerings, we have to employ strategies that ensure we are delivering the highest-quality users to our advertisers.
Step 1 of that task it to prevent one of the most common forms of waste in the mobile app marketing industry: duplicate personas (also known commonly as install fraud)
Duplicate Users: A pervasive problem
Duplicate users end up causing tremendous difficulties down the line. They often go uncounted by attribution platforms (and we lose revenue), they do not end up engaging with the apps they install (resulting in low conversion and retention rates for our clients), and worse they crowd out our good members.
As the PM on our fraud mitigation team, I regularly communicate with our Sales team, clients, and attribution partners to make sure that we are not only employing best practices, but that we are staying ahead of new trends and can react quickly to new types of user fraud.
When it comes to detecting fraudulent traffic one of the most common strategies I see among our partner networks and direct clients alike are tools that “de-dupe” users based on device identifiers and/or filter out devices whose identifiers are invalid.
Although these methods are quite common, I nonetheless regularly encounter confusion between the different identifiers as well as what makes a particular identifier valid or not.
There are many identifiers on a user’s device (we track over 20) however the most universal are Device ID, Android ID, and Advertising ID. We’ll dive into each of these in more detail in subsequent posts, but today I want offer a quick primer on the most commonly misused: Device ID.
Device ID is the most commonly misused label and is often used interchangeably in conversation with other identifiers (which is not surprising given its generic naming):
- Technically speaking, a Device ID is the value accessed by TelephonyManager.getDeviceId() in the Android API).
- For devices without telephony (like tablets and media players), the Device ID will be Null.
Device ID field can be one of three forms: IMEI, ESN, or MEID.
IMEI or International Mobile Station Equipment Identity numbers are 15 digit numerical identifier numbers assigned to GSM network enabled mobile devices. IMEI numbers can be validated using a simple “checksum” formula (called Luhn’s Algorithm), whereby the first 14 digits validate the 15th digit in the sequence.
How to validate an IMEI number:
Let’s say your IMEI number in question is 452782316974498:
1) Starting from the second digit, double every other digit
4 10 2 14 8 4 3 2 6 18 7 8 4 18 8
2) Break all the digits into single digits (i.e. 18 becomes 1 and 8):
4 1 0 2 1 4 8 4 3 2 6 1 8 7 8 4 1 8 8
3) Sum the digits:
4 + 1 + 0 + 2 + 1 + 4 + 8 + 4 + 3 + 2 + 6 + 1 + 8 + 7 + 8 + 4 + 1 + 8 + 8 = 80
4) Check if the sum is divisible by 10 (with no remainder).
80 / 10 = 8!
Luhn’s algorithm is easy enough to code into whatever tools you use for analysis, however if you use python I strongly recommend a module called stdnum.
Similar to an IMEI number, and MEID number is a 14-digit identifier assigned to CDMA enabled mobile phones. ESN (or Electronic Serial Number) was originally created by the US FCC to identify CDMA-enables mobile phones, however it has largely been replaced by MEIDs.
GSM and CDMA represent two network technologies used by telecom operators. Although several US-based carriers (including Sprint and Verizon) use CDMA, in practice most carriers in the markets we operate in rely on GSM technology, and it should be expected that IMEI number make up the vast majority of traffic in emerging markets.