What is Click Injection?

Click injection is a sophisticated form of click-spamming. By publishing (or having access to it, such as via a monetization SDK) an Android app which listens to “install broadcasts”, fraudsters can detect when other apps are downloaded on a device and trigger clicks before an install completes. The fraudster then receives the credit for installs as a consequence.

Why is Click Injection Important?

Most obviously, fake ad engagements siphon off advertising budget that could have been used to reach more people. Beyond theft, it’s important to look at the way click injections function. While the ad-engagements themselves are fake, the transactions (and events that occur) are not. As such, the faked ad-engagement will be attributed to, which results in the poaching of an organic conversion or that of another legitimate advertising partner.

This can mean that advertisers continue to invest in advertising that is relatively ineffective, potentially diverting money from better-placed and better-designed campaigns. That, or they end their association with a partner who could be, in general, a source of good traffic.

What Are Install Broadcasts?

Install broadcasts are signals sent from a newly installed app (or an app which changes status in some way, such as when it is uninstalled) on Android devices. This feature is handy for creating a tight connection between different apps, by allowing apps to e.g. streamline login with a deep link to a recently installed password manager, or give users more direct options to transfer into a specific web browser.

Reference: “Adjust,” Retrieved – 23 April 2018