• Jagmeet Singh

Busting the OEM Myths



During the first quarter of 2021, OEM app stores acquired nearly 42% of the global market share. OEM refers to original equipment manufacturers, and in mobile terminology, it covers brands like LG, Redmi, Realme, etc. Such companies offer personalized app stores, and brands can obtain premium leads through OEM advertisements. Moreover, unlike Google Play Store, OEM apps are perceived as relatively safer and fraud-free.



The cost of advertising on OEM stores varies with the type of placement. OEM advertising has two broad categories: pre-installed apps and app store promotion. Pre-installed apps are a gateway to new users as they are visible on screen upon first-time phone usage. App store promotion covers icon- and browser-based promotion, hot downloads, and recommended apps on an OEM app store. In mobile terminology, OEM stores are even referred to as alternate play stores, as they are pre-installed in addition to Google Play Store.

OEM advertisements have opened doors to an untapped market, wherein brands can directly connect with the targeted traffic. Moreover, advertisers believe that they can generate higher ROAS and not worry about fraud, as the mobile manufacturer ensures exclusivity. OEM stores are mainly used for app installation. According to sources, OEM stores can boost app installs to 5x higher than the standard advertising methods.

Does the App You are Promoting Require OEM Type Traffic?

OEM app stores offer high-quality users and increase the visibility of the app. Moreover, it is an optimum platform for boosting installations. Apps removed from Google Play Store can use the alternate app store to increase their market growth.

The third-party app stores receive security certification and clearance from the manufacturer. But unfortunately, they may not take the same measures as Google Play Store when they encounter potentially harmful apps (PHA).

Therefore, it is necessary to decide whether putting the app on an alternate store with lower protection levels against ad fraud can cause more harm than benefit.


Look at the Data Points


When receiving installs, look carefully at the app versions used. Fraudsters often display fake installs using an archived app version. Sudden spikes in conversion levels should also match the click levels. If you find discrepancies, they are most likely due to ad fraud. Closely monitor and question the type of traffic. For example, is the correct targeting happening, or is it a plain install campaign? What is the percentage of each handset's traffic in installs vs. reality? Are the installs happening on older handsets?

Besides this, do a simple click-to-conversion analysis, see what the graph looks like, and ask whether it makes sense. Then check whether your backend/KPIs are being met.
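The three checks above (click-to-conversion spikes, archived app versions, handset mix) can be run over a source's reported data as in the following added example, which is not part of the original article. The sample records, version set, expected handset shares and thresholds are all constructed assumptions.

```python
from collections import Counter
from statistics import median

# Constructed sample: (day, clicks, installs) reported for one source.
DAILY = [
    ("2021-03-01", 1000, 20),
    ("2021-03-02", 1100, 23),
    ("2021-03-03", 1050, 21),
    ("2021-03-04", 1080, 95),    # installs jump, clicks do not
    ("2021-03-05", 5200, 104),   # installs jump together with clicks
]
# Constructed sample: (handset model, app version) per reported install.
INSTALLS = ([("model-a", "4.2.0")] * 7 + [("model-b", "4.2.0")] * 3
            + [("model-old", "2.9.1")] * 10)
LIVE_VERSIONS = {"4.2.0"}   # assumption: versions currently distributed
EXPECTED_SHARE = {"model-a": 0.5, "model-b": 0.4, "model-old": 0.1}  # assumption

def unmatched_spikes(daily, factor=2.0):
    """Days whose install/click rate exceeds `factor` times the median rate."""
    rates = {day: installs / clicks for day, clicks, installs in daily if clicks}
    base = median(rates.values())
    return [day for day, rate in rates.items() if rate > factor * base]

def stale_version_share(installs, live_versions):
    """Fraction of installs reported on versions no longer distributed."""
    stale = sum(1 for _, version in installs if version not in live_versions)
    return stale / len(installs)

def handset_gaps(installs, expected, tolerance=0.2):
    """Handsets whose share of installs differs from the expected share."""
    counts = Counter(model for model, _ in installs)
    total = sum(counts.values())
    gaps = {}
    for model in set(counts) | set(expected):
        diff = counts[model] / total - expected.get(model, 0.0)
        if abs(diff) > tolerance:
            gaps[model] = round(diff, 2)
    return gaps

if __name__ == "__main__":
    print("spike days:", unmatched_spikes(DAILY))
    print("stale share:", stale_version_share(INSTALLS, LIVE_VERSIONS))
    print("handset gaps:", handset_gaps(INSTALLS, EXPECTED_SHARE))
```

Only the day where installs rise without a matching rise in clicks is flagged; the day where both rise together keeps the usual conversion rate and passes.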

Issues with OEM Advertising


Merely Runs on Faith


Advertisers believe that OEM app stores offer brand-safe environments because they trust the OEM mobile manufacturing brand. The two-way communication between the advertiser and the brand ensures transparency in this relationship.

Building two-way trust helps increase app installs, but how does it prove that they are legitimate? Do you have to leave that on trust too? Moreover, does it eliminate the possibility of duplicate/fake apps? So, are alternate app stores offering a brand-safe environment, or is it an illusion?

Moreover, the recent malware release through the Netflix duplicate app on an alternate store is sufficient proof that "yes" is a questionable answer to any of these questions. If it were true, ad fraud elimination companies wouldn't be working hard and fast to detect data anomalies.

Nobody Checks the Actual Source: Are the Actual Source and the Claimed Source the Same or Different?

The transparency between the OEM and advertisers often leads to the belief that the actual and claimed source would remain the same. However, if advertisers go in-depth and review, they would find many discrepancies.

For example, fraudsters display fake installs by cloning the SDK of an app and using different means of installation. Sources state that 13-18% of third-party app installations happen mainly through fake devices and other forms of ad fraud. At times, users are unaware of the app install.

Fraudsters also use cloned installs to display "x" installations of the advertiser's app and achieve monetary gain. Moreover, cybercriminals even add malicious code to these apps and conduct more ad fraud in the background.


By Default, These Sources Are Whitelisted on MMPs

Commonly, an MMP (mobile measurement partner) receives click and impression attribution after a user clicks on an ad. The "install" attribution happens whenever a user opens an app for the first time. Such in-app OEM installs, impressions, and clicks are commonly whitelisted by MMPs. However, fraudsters register fake impressions and clicks with the MMP. Moreover, they even use spoofed SDKs for faking "install" attribution on the real device and report the same to the MMP.

Another common method of stealing attributions for organic and inorganic installs on an MMP is click spamming, wherein fraudsters fire clicks until they claim the last-click attribution. When analyzed, the install to attribution ratio goes beyond the 1:8 ratio. Therefore, the default misattributions by MMPs are causing analytic and reporting discrepancies.
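The effect of click spamming on last-click attribution can be checked by replaying attribution over raw click and install logs, as in the following added example (not from the original article and not any MMP's actual logic). The log format, source names, 7-day window and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

WINDOW = 7 * 24 * 3600  # assumption: 7-day last-click attribution window

# Constructed click log: (source, device, click time in seconds).
CLICKS = [
    ("oem-store", "d1", 1000), ("oem-store", "d3", 2000),
    ("net-x", "d2", 500), ("net-x", "d2", 4000), ("net-x", "d2", 9000),
    ("net-x", "d3", 2500),
] + [("net-x", f"d{n}", 3000) for n in range(4, 10)]  # devices that never install
# Constructed install log: (device, first-open time in seconds).
INSTALLS = [("d1", 1090), ("d2", 20000), ("d3", 30000)]

def last_click(clicks, installs, window=WINDOW):
    """Replay last-click attribution: device -> (winning source, CTIT)."""
    won = {}
    for device, opened in installs:
        prior = [(t, src) for src, dev, t in clicks
                 if dev == device and 0 <= opened - t <= window]
        if prior:
            t, src = max(prior)          # the latest click before first open wins
            won[device] = (src, opened - t)
    return won

def source_profile(clicks, won):
    """Per source: clicks fired, installs won, median click-to-install time."""
    fired = defaultdict(int)
    for src, _, _ in clicks:
        fired[src] += 1
    ctits = defaultdict(list)
    for src, ctit in won.values():
        ctits[src].append(ctit)
    return {src: {"clicks": n, "installs": len(ctits[src]),
                  "median_ctit": median(ctits[src]) if ctits[src] else None}
            for src, n in fired.items()}

def suspects(profile, max_clicks_per_install=3, max_median_ctit=3600):
    """Sources that fire many clicks per install and win with stale clicks."""
    out = []
    for src, p in profile.items():
        ratio = p["clicks"] / p["installs"] if p["installs"] else float("inf")
        if ratio > max_clicks_per_install and (p["median_ctit"] or 0) > max_median_ctit:
            out.append(src)
    return sorted(out)
```

In the sample, device `d3` had a genuine store click, but the later click from the spamming source takes the attribution; that source stands out by its clicks-per-install ratio and its long click-to-install times.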

How Do They Get Themselves Whitelisted and Start Mixing Traffic, Fooling Everyone?

At present, the decision about which sources to include in the whitelist lies with the MMPs, and the whitelist includes numerous fraudulent attributions. Moreover, the whitelists are created by default, and the advertiser has no say in the whitelisting decision, even though the advertiser is making the payments.

As such, the advertiser believes that the MMP is doing its due diligence and providing accurate attribution results. Moreover, the results provided by the MMP motivate the advertiser to increase the advertising budget and the payout to the fraudster.

Similarly, installs of an outdated app or SDK version are a typical kind of fake install used by fraudsters. Moreover, the fraudulent ad network may make the fake attributions appear organic to boost the installation's legitimacy.

Furthermore, cybercriminals may even use the older version of the SDK for displaying purchase rates. In reality, there is no purchase from the fraud ad network, and neither does an attributed/organic install happen.

How to be Cautious/Preventive?

OEM advertisers should not take the manufacturer's word for the reported number of installs or in-app actions. Instead, the advertisers should make deliberate efforts to check the install to attribution ratio and other ratios.

Moreover, OEM advertisers should not assume that the two-way transparency would create a brand-safe environment. Therefore, checking the app version downloads, install updates, and SDKs should become a habit.

By doing so, advertisers can report fraudulent installs, older versions, and spoofed SDKs in the network and diminish ad fraud in the market. Furthermore, eliminating malicious SDKs would help to avoid future ad fraud.

As stated before, fraudsters use the existing version of the app and might not be responsible for regularly updating it. Therefore, the brand/advertiser should watch out for their app versions being misused by fraudsters in third-party stores. The fraudsters are not only affecting the attributions through un-entitled usage but also delivering a bad user experience and tarnishing the brand reputation.

Even after keeping transparency with the OEM brand, the advertiser should constantly make efforts to run separate checks. Brands/advertisers can begin their verification journey by overcoming the myth that third-party/OEM stores are fraud-free.

How mFilterIt Detected Fraud on OEM Sources

A brand wanted to know whether the installs reported by their MMP were correct. Upon analyzing, mFilterIt discovered that the click to install ratio had peaking discrepancies. Moreover, the duration of the installations was staggeringly higher than their standard.

While analyzing the installation source, mFilterIt encountered older version downloads, wrong device IDs, and unrecognizable click activity that could only be attributed to "bots." The sophisticated bot was also acquiring attributions by firing clicks in the background.

The OEM platform had promised a brand-safe environment to the app owner. Moreover, the bot had malicious code through which it was listening to "install broadcasts," injecting last-click to acquire organic installs' attribution.

Conclusion

Ad fraud is prevalent in OEM app stores as fraudsters continuously seek new sources of making money. The alternate app stores also attract them because of the low application security levels compared to Google Play Store or Apple Store and an even lower chance of app blacklisting.

SDK spoofing, app cloning/duplicity, fake installs, etc., would also remain forever as they can lead to account/device takeover, access to install broadcasts, and acquiring ad attribution. Therefore, a full-scale solution like mFilterIt’s Ad Fraud elimination is mandatory for detecting analytical anomalies, eradicating ad fraud, and getting genuine reports.

Resolving ad fraud from OEM app stores would create a brand-safe environment and help brands to foster their relationship with legit affiliates. Moreover, it would increase the app open and purchase rates. Hence, brands would achieve higher revenue with incorporated security measures.
