Click injection filtering

Click injection filtering prevents fraudsters from stealing attribution from other sources by sending an ad engagement between an app download and the first session. 

Adjust’s filtering protects your dataset from illegitimate attributions and maintains the integrity of your dashboard reporting. Click injection only affects Android traffic because the Android operating system uses broadcasts to alert other apps when changes occur on the device.

Set up click injection filtering

To set up click injection filtering, follow these steps in the Adjust dashboard.
  1. Find your app and select your app options caret (^)
  2. Select All Settings > Fraud Prevention
  3. Switch the CLICK INJECTION FILTERING toggle ON

View your statistics

Attributions rejected for click injection will appear under Rejected Install; Click Injection (RI CI) in your Deliverables. Adjust will attribute all rejected attributions to the next available source or to your Organic tracker.

Reattributions rejected for click injection will appear under Rejected Reattrbution; Click Injection (RR CI) in your Deliverables, and are included in the KPI Rejected Reattrbution. To receive additional details about rejected reattributions, add rejected_reattribution to your callbacks.

To view your statistics, follow these steps in the dashboard.

  1. Find your app and select your app options caret (^)
  2. Select Statistics
  3. Select the Fraud Prevention tab

FAQs

What is click injection?

Click injection is when a fraudster sends an ad engagement between an app download and the first session, intending to steal the attribution from another source. It typically occurs after the fraudster publishes or gains control of an Android app to detect when other apps are installed on a device.

Why does click injection only affect Android traffic?

One of the things that makes click injection possible is the Android broadcast system. A broadcast is a message that the Android operating system sends to the device; for instance, when a new app is downloaded. Any of the other apps on the device can use a broadcast receiver to listen to one of these broadcasts.

Through these broadcasts, an ad publisher with a pre-existing app on a device can learn when a new app is being installed. With this information, they can configure their app to send an ad engagement after installation of the targeted app has finished but before the first in-app session. This would count as an install in Adjust.

How does click injection filtering work?

Adjust uses timestamps to filter out fraudulent engagement so it never reaches your attribution dataset. Our filtering process works differently depending on where the install comes from.

For installs from the Google Play Store and Huawei AppGallery

Google and Huawei’s referrer APIs create timestamps that can be used to show if click injection has taken place. First, we compare the time of a click to the install_begin_time timestamp; if a click is delivered after this timestamp, it's almost certainly a product of click injection.

A second layer of filtering happens using the install_finish_time timestamp, collected by the Adjust SDK.


For installs from other sources

Filtering installs that occur outside of the Google Play Store and Huawei AppGallery relies on the install_finish_time timestamp. This is because there is no Referrer API to deliver the install_begin timestamp. Clicks received after the install_finish_time timestamp are rejected as fraudulent.

On this topic