Impression-level Fraud on iOS 14 and Android

Fraud is often identifiable through the analysis of data passed in the impression request (bidstream data). Because spend is not required to access this data, the application of a proactive approach to fraud identification at the impression-level is a core duty of any market-considerate platform. At Kaden, we run impression-level fraud prevention rulesets against any and all impression requests we receive. We are, at all times, continuously reviewing, iterating and improving on a protected environment for advertisers through impression-level site, device and IP blocklisting. 

Blocklists are important tools – we’ll discuss how we add to ours.

How do we do it: Location 

Let’s take a look at one of the many interesting ways this protected environment can be achieved, for instance, through locational data. With IP data we can develop a good understanding of the geographical location of a device when it calls an impression. 

Quick fact: IP data, along with LatLong data points and etc. allow us to develop hyper locational-targeted and geo-fenced campaigns for our partners.

If we then see an impression request from the same device many hundreds of miles away within a short period of time, well, we can say with reasonably probability that the device has been compromised. As most humans can’t travel 300 miles in half an hour, the implication that VPN fraud is occurring is developed, the device is immediately blacklisted, and all impressions from it will be rejected moving forward. 

How do we do it: Timing 

The most basic indicator of fraud at the impression-level, however, is timing. Did a click occur before an impression was served? That’s fraud. A real user has to see an ad in order to click on it; only a bot or malicious app can send click data before a call to action has become visible. Did a click happen less than a second after the impression was presented to the user? One or two seconds, depending on the placement and format of the app, sometimes isn’t enough for the CTA to appear so there may be an issue with fraud. Has the device requested hundreds of impressions in a few minutes, or are we seeing significant volumes of impressions at unusual times of the day? Well, it’s likely we have a machine (or someone’s pulling an all-nighter!). Generally speaking, we want to consider the speed with which human beings typically interact with apps and advertisements and apply rules to blacklist anomalies. 

A user must see an ad before they can click on it, click on it before they can install it, and install it before they can complete an in-app purchase.

How do we do it: Events 

There are other events to be monitored in co-ordination with bidstream data at the impression-level. While these events can only be analysed after an impression has been served, and so have a cost, the opportunity to spot particularly crafty fraudsters and blacklist their devices and sites is available. For example, our playable and video creative units are built with imbedded custom events which allow us to understand the progress of users through our creatives once they have been served. These events normally allow us to better optimise creative development but, in the case of identifying fraud, these events cannot fire before a user has conducted the physical task of engaging with the ad. No human then is capable of clicking on one of our calls-to-action without completing a defined series of moves in a playable or watching through a video. If we see a click without other action events, the device is blacklisted and the site is immediately analysed for further evidence of malpractice. 

Use-events help deter fraud.

It is important to note that creative event data will become even more valuable post iOS 14. As device level data is likely to be significantly reduced, ad units which do not have custom use events – display banner, display interstitial and native – will become a prime target for fraudsters, with impression and click fraud through those units likely to increase dramatically. At Kaden, once an impression is purchased, we have the power of our creative units to help indicate where fraud is occurring regardless of device-level data. 

Site Level Considerations 

There are some limitations at the impression-level. For instance, a number of our rule sets specifically look for unusual behaviour from sites – dramatic or erratic increases in impression requests, e.g., which can infer bot farm usage – but we have to factor in that some apps are simply used more heavily at certain times. Sports apps are used more heavily during games. Dating apps are more heavily used in the evenings and on weekends. So, while we want to apply rules that solve macro problems, we are constantly refining and adjusting strike systems to avoid false positives. This is a core challenge that we face – how to apply rules to manage the vast quantities of traffic while avoiding the loss of genuine opportunity. 

It’s important to consider when and where your users are likely to be active.

To help us identify explainable actions versus unexplainable potential fraud, share your knowledge. If you know the ideal user for your app may be active at odd times, keep your programmatic partners informed – we can relax time-based rulesets and apply time-targeted campaigns. We are real people monitoring complex machine learning algorithms – we want to tailor our programs to work to your advantage. 

Impression-level fraud identification in the future 

For now, we receive and track device-level data, but, as you’re probably aware (and as we alluded to earlier), one of the device ID types that our industry relies on is depreciating soon (kind of) with others likely to follow. As long as we are able to do so compliantly, we will continue to match impressions to devices to avoid fraud, but we can’t ignore the fact that a device-ID-less world is simply a better world for fraudsters. At Kaden, we are in the extremely fortunate position of being able to analyse use-events within our creatives to avoid fraud and block sites in ways few other platforms can, but, overall, the capacity to block fraud before an impression is purchased is inarguably weakened without device ID data. 

We are constantly working to improve fraud-detection, especially with new technological developments.

There are a few things, some which we’ve already discussed, that advertisers can do to help us to avoid impression-level fraud proactively. 

  1. Transparency. By sharing data with us, including information about your ideal user’s habits, blocklists of sites you know have tested poorly for your app in the past, and whitelists of sites you trust, you enable us to stop fraud more quickly and efficiently. 
  1. Reviewing your dashboard and data. We provide you with a reporting dashboard and full data transparency so that you can analyse the numbers. We know you know your app best – if something seems unusual in the reports, let us know. 
  1. Third party integrations. Kaden is already integrated with multiple third-party anti-fraud tools, and MMPs! If you’re using one of our partner tools, we’ll transmit all the necessary data. If you’re using a tool we’re not, and it helps stop invalid traffic, we support that too. 


In conclusion, we are always looking for unique and creative ways spot fraud at the impression-level. The less we spend on fraud, the more spend goes toward ideal users. Kaden already takes a proactive approach to fraud prevention before purchasing impression but it’s a tough battle and we can only succeed through transparency at every step of the process. If you have any questions about our impression-level fraud prevention rulesets, or how platforms like Kaden may look to avoid fraud post iOS 14, please don’t hesitate to reach out. 

Share This Post
Share on facebook
Share on linkedin
Share on twitter
Share on email

Subscribe to Kaden Updates

More To Explore

Contact Us

Ask how we can help