mFilterIt identifies ‘FaDe’ BOT disguising as a Smartphone to fire fake installs

Covid-19 has paused a lot of many marketing activities including several performance marketing campaigns aimed to get new subscribers/users for apps and other digital services.  India is a mobile-first country, which has more than 500 million smartphone users, it makes all the sense to target the smartphone users to build on the base.

In its continuous monitoring where mFilterIt validates over 150 million events a month, it recently discovered a BOT, coded at ‘FaDe’ which is being used to get sophisticated invalid traffic (SIVT), in this case users for many apps.  There are at least 6 large advertisers impacted as indicated by early results.

The key observation of this bot includes a sudden jump in the organic traffic of the advertisers! This bot seems to have been coded incorrectly resulting in many (roughly 40%) installs being tracked as organic (instead of inorganic, which would generate revenue for the publisher).  This 40% resulted in organic traffic spiking for different advertisers, but with resulting transaction/install ratio’s taking a dip (since this bot was able to drive installs but not able to reach upto subscriptions)

The key trends analyzed include: -

Installs are predominantly coming from 4 specific Smartphone brands of Samsung, Xiaomi, Asus and Sony.  These are not real users but BOTs simulating fake devices of these particular Smartphone brands.

A smaller ratio of the installs, in the effort to diversify the brands, are happening on Smartphones which are either not sold anymore or sell very less.  Prominent among them include Micromax, Swipe, and iKall.

The new users are signing up on the app version which was launched in January by one of the advertisers.  They had a couple of refreshes since then and the latest version was upgraded in April.  However, the new signups of May from this bot were still happening on the January app version. The BOT was faking registrations as well as installs.

The signups from specific Smartphone models are for very old OS versions.  These are at least 3-4 generations old than what the brands are shipping their devices with.  In each case, the BOT used these to exploit the lower security available on these Android releases to run itself.

The BOT tries to balance and diversify itself and hence evades detection when using manual thumb rules or attribution platform checks. 

Dhiraj Gupta, CTO, and Co-Founder, mFilterIt explaining the discovery added, “Some rogue publishers are deploying BOTs to get fake installs by trying to simulate a real user’s profile.  However, it is next to impossible to mirror a real user where several parameters keep on changing dynamically.”

“BOTs however intelligent they maybe cannot keep up with this dynamic nature and the makers of such BOTs do keep some gaps which can be identified with proper tools and data analytics,” added Dhiraj.

As per quick estimates, the BOTs would have already wasted around Rs 10 million each within a 15 day period of the identified advertisers. mFilterIt customers have this protection from day 1 of the bot being identified.

Advertisers are advised to have a thorough check of performance being achieved especially as they gradually resume after the Covid-19 pause. There will be many rogues who will try to replicate the market like scenarios to fake performance for advertisers using BOTs, like the one identified as ‘FaDe’.  The advertisers need to be extra judicious with their spends and ensure that they are getting only genuine engagements to drive orders, sales and other objectives for which they are spending millions.