What is SDK spoofing?

SDK spoofing (otherwise known as SDK hacking) is a type of bot-based fraud, often executed by malware hidden on an app. 

How does SDK spoofing work?

With this technique, fraudsters add code to an app that later generates simulated ad click, install, and other engagement signals to an attribution provider on behalf of another app.

When successful, this can trick an advertiser into paying for tens or even hundreds of thousands of installs that did not actually occur.

How to identify when an SDK was hacked?

Look for installs from an SDK version that you haven’t utilized – bots hide on an attacking app and will often send clicks and installs from SDK versions other than those used by your apps

Keep an eye out for spikes in installs from specific SDK versions because if these install spikes don’t coincide with your release schedule, there is a good likelihood you are being targeted by bots

Speak with your attribution provider and ask for a complimentary fraud exposure report

How to block this type of fraud?

Avoid measurement solutions that utilize Open Source SDKs because they are inherently a security breach and are much more exposed to reverse engineering and bot attacks.

Look for an SDK that has secure communications with their servers

Use a fraud solution that blocks bots

Search for a solution that has behavioral anomaly detection and that can automatically blocks non-human behavioral patterns, such as those originating from SDK hacking