What is install hijacking?

Install hijacking is a type of mobile fraud in which an attacker uses a technique to falsely attribute an app install to a legitimate advertising campaign to earn a fraudulent commission or boost the metrics of an advertising campaign. This is often done by creating fake clicks or impressions on an ad or by using malware or other methods to simulate a legitimate install. Install hijacking can happen on both Android and iOS mobile platforms. The attackers use bots, click farms, or even scripts to generate fake install events. Install hijacking can be hard to detect and could cause problems for advertisers and mobile app developers, as it can lead to inflated metrics and a misallocation of advertising resources.

How does install hijacking work?

The attackers of install hijacking can use various techniques to carry out install hijacking. Some common methods include:

• Click injection: This technique involves injecting fake clicks into an ad campaign by using malware or a script. The malware is typically installed on the user's device through a phishing attack or by downloading a malicious app from a third-party app store.
• Click spoofing: This technique involves creating fake clicks by simulating the appearance and behavior of a real device. The attacker can use a bot or a virtual machine to emulate a real device and generate a large number of fake clicks on an ad.
• Device emulation: This technique involves using an emulator or a virtual machine to simulate a device and generate fake installs. The attacker can use this method to generate a large number of fake installs, which can be used to inflate the metrics of an advertising campaign.
• Click farms: In this method, the attacker uses a group of real devices and real people to generate fake install and ad interactions.

All these methods allow an attacker to falsely attribute an app install to a legitimate advertising campaign to earn a fraudulent commission or boost the metrics of an advertising campaign.

How do you prevent install hijacking?

Use a secure ad network: Ad networks can be vulnerable to attack, so it's important to use a secure ad network that has measures in place to detect and prevent fraud. Many ad networks use fraud detection tools to identify and block suspicious traffic, and some also use encryption to protect the data being transmitted.

Monitor traffic patterns: Regularly monitoring the traffic on your mobile app can help you identify patterns that indicate install hijacking. Some common indicators of install hijacking include a large number of installs coming from a single IP address, or a high number of installs that occur within a short time.

Secure your app and servers: You can take some steps to prevent an attack on your app by making sure that your code is secure and that your servers are properly configured. This include keeping your app and server software updated, implementing best practices for secure coding, and using encryption to protect sensitive data.

Use MMPs: MMPs such as Airbridge offers fraud detection and protection services that can guard your app against ad fraud. Using these third-party services, you can even personalize your fraud protection rules that suit your business.