Airbridge
PricingCustomers
Log InGet Started Free
A

Airbridge AI

Ask anything about Airbridge

Responses are AI-generated and may not always be accurate.
Conversations may be recorded to improve answer quality.

Airbridge

Stop paying for ads that don't perform. Track ad performance to know exactly what's driving your ROI.

Plans

  • Compare All Plans
  • DeepLink
  • Core
  • Growth
  • Pricing

Features

  • Airbridge AI
  • Marketing Analytics
  • Fraud Protection
  • Web & App Attribution
  • ROAS Measurement
  • iOS & SKAN
  • Deep Linking
  • Data Export
  • Audience Manager

Resources

  • Blog
  • Case Studies
  • Glossary
  • Library
  • Academy
  • User Guide
  • Developer Guide

Company

  • About Us
  • Terms of Service
  • Electronic Payment Terms
  • Privacy Policy
  • Information Security
  • GDPR
  • Data Processing Addendum
  • System Status

© 2026 AB180 Inc. All rights reserved.

AB180 Inc. | Business Registration: 550-88-00196

Back to Glossary
I

Install hijacking

Definition

In mobile attribution, install hijacking refers to ad fraud where an attacker falsely attributes an app install to a legitimate advertising campaign to earn a fraudulent commission or inflate metrics.

A
Airbridge
May 20, 2024·3 min read

Table of Contents

  • What is install hijacking?
  • How does install hijacking work?
  • How do you prevent install hijacking?

What is install hijacking?

Install hijacking is a type of mobile fraud in which an attacker uses a technique to falsely attribute an app install to a legitimate advertising campaign to earn a fraudulent commission or boost the metrics of an advertising campaign. This is often done by creating fake clicks or impressions on an ad or by using malware or other methods to simulate a legitimate install. Install hijacking can happen on both Android and iOS mobile platforms. The attackers use bots, click farms, or even scripts to generate fake install events. Install hijacking can be hard to detect and could cause problems for advertisers and mobile app developers, as it can lead to inflated metrics and a misallocation of advertising resources.

How does install hijacking work?

The attackers of install hijacking can use various techniques to carry out install hijacking. Some common methods include:

  • Click injection: This technique involves injecting fake clicks into an ad campaign by using malware or a script. The malware is typically installed on the user's device through a phishing attack or by downloading a malicious app from a third-party app store.
  • Click spoofing: This technique involves creating fake clicks by simulating the appearance and behavior of a real device. The attacker can use a bot or a virtual machine to emulate a real device and generate a large number of fake clicks on an ad.
  • Device emulation: This technique involves using an emulator or a virtual machine to simulate a device and generate fake installs. The attacker can use this method to generate a large number of fake installs, which can be used to inflate the metrics of an advertising campaign.
  • Click farms: In this method, the attacker uses a group of real devices and real people to generate fake install and ad interactions.

All these methods allow an attacker to falsely attribute an app install to a legitimate advertising campaign to earn a fraudulent commission or boost the metrics of an advertising campaign.

How do you prevent install hijacking?

Use a secure ad network: Ad networks can be vulnerable to attack, so it's important to use a secure ad network that has measures in place to detect and prevent fraud. Many ad networks use fraud detection tools to identify and block suspicious traffic, and some also use encryption to protect the data being transmitted.

Monitor traffic patterns: Regularly monitoring the traffic on your mobile app can help you identify patterns that indicate install hijacking. Some common indicators of install hijacking include a large number of installs coming from a single IP address, or a high number of installs that occur within a short time.

Secure your app and servers: You can take some steps to prevent an attack on your app by making sure that your code is secure and that your servers are properly configured. This include keeping your app and server software updated, implementing best practices for secure coding, and using encryption to protect sensitive data.

Use MMPs: MMPs such as Airbridge offers fraud detection and protection services that can guard your app against ad fraud. Using these third-party services, you can even personalize your fraud protection rules that suit your business.

Put these concepts into practice

See how Airbridge helps teams implement mobile attribution strategies at scale.

Related Glossary Terms

Expand your understanding with related concepts.

Get Started Free
View Case Studies

A/B Testing

A/B Testing, a cornerstone of performance marketing, is a methodical approach that compares two versions of a webpage or app to determine which one performs better.

Active User

An Active user refers to an individual who interacts with a digital product, such as a website, app, or online platform, within a specific timeframe.

Ad exchange

An ad exchange is a facilitator of buying and selling advertising inventory.

Ad inventory

Ad inventory is the available spaces for ads on a particular platform or medium.

Ad mediation

Ad mediation is a technology that allows multiple ad networks to be managed through a single SDK. Ad mediation platforms streamline the ad delivery process and maximize revenue, CPM, and fill rates for publishers.

Ad monetization

Ad monetization generates revenue from advertising on a website or mobile app.