Click Injection filtering

Click Injection is when a fraudster sends a fake ad engagement between an app download and the first session, intending to steal the attribution from another source. It typically occurs after the fraudster publishes or gains control of an Android app to detect when other apps are installed on a device. Click Injection filtering prevents fraudsters from stealing attribution from other sources by sending a fake ad engagement between an app download and the users' first session. Adjust’s filtering protects your dataset from illegitimate attributions and maintains the integrity of your reports.

Growth solution:
The Fraud Prevention Suite is available as an Adjust Growth Solution. To get Fraud Prevention on your account, contact sales@adjust.com.

How it works

Click Injection only affects Android traffic because the Android operating system uses broadcasts to alert other apps when changes occur on the device, for example, when a new app is downloaded. Any of the other apps on the device can use a broadcast receiver to listen to such broadcasts. Through these broadcasts, an ad publisher with a pre-existing app on a device can learn when a new app is being installed. With this information, they can configure their app to send an ad engagement after installation of the targeted app was initiated by the user, but before the users’ first in-app session. This would result in a last click that's impossible to beat, allowing fraudsters to illegitimately claim attribution for installs they didn’t drive.

Adjust uses deterministic timestamps to prevent attribution to fraudulent engagements so your attribution dataset always remains accurate and actionable. Our filtering process depends on where the install comes from.

For installs from the Google Play Store and Huawei AppGallery

Google and Huawei’s referrer APIs provide timestamps that can be used to show if click injection has taken place. First, we compare the time of an engagement to the install_begin_time timestamp; if an engagement is delivered after this timestamp, it's likely a product of click injection.

A second layer of filtering, using the same logic, happens using the install_finish_time timestamp, collected by the Adjust SDK.

For installs from other sources

For installs that occur outside of the Google Play Store and Huawei AppGallery, Adjust's filtering relies on the install_finish_time timestamp. This is because there is no Referrer API to deliver the install_begin timestamp. Engagements received after the install_finish_time timestamp will not be rewarded with the attribution.

Click injection filtering data in reports

Attributions rejected for Click Injection will appear for the respective source under Rejected Install; Click Injection (RI CI) in your reports. Additionally, Adjust will attribute the install to the legitimate source, or if there was no other legitimate engagement, as Organic.

Reattributions rejected for Click Injection appear under Rejected Reattribution; Click Injection (RR CI) in your reports, and are included in the KPI Rejected Reattribution. To receive additional details about rejected reattributions, add rejected_reattribution to your callbacks.