Click Injection

Click injection is similar in concept to click hijacking, where a legitimate click is replaced by a fraudulent click as the last touch before an install or purchase event.

Here is how click injection works:

  • User A has a fraudulent app installed on her device—usually through a third-party app store. The fraudulent app is often a very basic app with some ads.
  • When user A downloads a new e-commerce app to her device, all existing installed apps on her device are notified of this download event. This is a particular loophole with Android devices. iOS devices are less susceptible to click injection for this exact reason. about the download through Android “install broadcasts”
  • If this e-commerce app is running an install advertising campaign, the fraudulent app could be participating too and therefore has the tracking codes. The download event triggers the fraudulent app to report a click from user A.
  • Ads attribution services start tracing clicks in reverse chronological order when the new e-commerce app is opened the first time. The fraudulent click has all the correct matching on device IDs and track code, and will therefore be determined as the last-touch click. Fraudsters will then be rewarded the ad dollars associated with user A’s install.

Ready to ignite your mobile growth?

Take a tour of our platform to see how Branch can help you everywhere. Or jump right into the code.

A

M

C

S

A

B

V

M

A

D

M

D

A

C

I

S

W

M

A

P

Q

E

C

R

L

A

P

K

M

C

U

M

A

S

A

H

A

U

C

P

A

M

D

C

U

D

I

D

S

U

F

C

P

I

C

P

R

C

O

A

U

B

C

V

C

A

D

M

T

C

B

C

A

F

I

C

M

D

I

C

K

T

F

A