Leve seu aplicativo para o próximo nível com o Affise MMP (Mobile Measurement Partner)
Aderir agora ⚡

Português

Logar

 Inscreva-se gratuitamente
Back to Glossary

Click Spamming

i

Fraudulent clicks generated in large volumes in hopes of claiming organic installs.

What is click spamming?

Click spamming, also known as click flooding, is a form of mobile ad fraud where malicious actors simulate clicks that never occurred from real users. This practice aims to hijack attribution for app installs they did not influence, typically organic ones, to collect illegitimate payouts.

How does click spamming work?

Click spamming involves sending a high volume of fraudulent ad clicks to an attribution platform. These clicks are generated programmatically and designed to look exactly like legitimate user interactions. To the MMP, these requests appear genuine. The critical difference is that no ad was ever displayed to a real user, and the user took no action.

Fraudsters deploy several technical methods to generate these fake clicks:

  • Hidden scripts in mobile webviews: malicious code runs in the background of a webview within an app, firing clicks without user consent.

  • Compromised SDKs: software development kits (SDKs) integrated into apps can be manipulated to send fraudulent click data.

  • Background processes: apps with system-level access can trigger clicks in response to normal device events, such as unlocking the screen or launching another application.

These methods enable a range of deceptive tactics, including creating invisible clicks, simulating fake engagement, generating continuous clicks from background apps, misreporting impressions as clicks, and spoofing device IDs to mimic unique users.

How does a fraudulent click spamming cycle look like?

  1. Normal user activity: a user opens an app on their device and performs a routine action.

  2. The silent click: a fraudulent app or SDK on the same device sends a fake ad click to the MMP in the background. The user sees no ad and is completely unaware.

  3. False record: an MMP receives and records this click as a valid engagement.

  4. Organic install: later, the same user independently decides to download and install a promoted app organically (e.g., via a search in an app store).

  5. Faulty attribution: due to the standard “last-click” attribution logic, the MMP credits the install to the earlier fake click.

  6. Financial loss: the advertiser pays a payout for an install that was driven by a fraudulent click, not by their marketing efforts.

How to detect and prevent click spamming?

Defending against click spamming requires moving beyond simple last-click attribution analysis. Key prevention strategies include:

  • Analyzing click-to-install time (CTIT): a high volume of clicks with an impossibly short or unusually long CTIT is a major red flag. Organic behavior typically falls within a predictable range.

  • Monitoring for abnormal click patterns: a sudden, massive spike in clicks from a specific source with a very low conversion rate is a strong indicator of spamming.

  • Implementing rate limiting and filters: advanced MMPs use algorithms to identify and automatically filter out sources generating an unrealistic number of clicks per device or IP address.