1. Time to install (TTI)
As I mentioned in the first article , the TTI depends on:
the user's internet speed
the size of the app to be installed
These two factors allow you to calculate an average TTI and to show gaps. An example of this is to show how many installs were opened within 10 seconds after the click. Visualizing the data on a dashboard helps to spot these faster. Below is an example.
Example of Time to Install for 'healthy' behavior (top) and 'abnormal' traffic (bottom).
Also, don’t forget to just look at the local timestamp of the click or conversion. Anomalous behavior would be if the majority of clicks occurred between 1:00 and 6:00. Use timezone calculations per campaign if your database uses one standard timezone for the time of the click or conversion.
2. Conversion Rate (CR) or Clicks to Install (CTI)
While TTI is an important metric to separate good traffic from bad, it becomes even more useful when combined with conversion rate (CR) or clicks to install (CTI). A long TTI (e.g. over an hour) combined with a low CR indicates that it took a lot of clicks to download the app and even longer to open it. This shows that users are not engaged with the ad.
A high CR, on the other hand, could indicate that users were stimulated to download the app, also known as incentive traffic . This is usually a group that does not use the app for long, making them less interesting for the advertiser.
Below is an example of the TTI + CR combination.
Conversion rates organized into Time to Install 'buckets'. Circled: 1) high percentage of installs after 1 hour, 2) too low CR, 3) low CR and high percentage of installs within 10 seconds
3. IP + User Agent
IP addresses can be spoofed to hide the source. But japan phone number list the combination of an IP and a device's User Agent is one approach to fingerprinting . So if fraudsters want to use click spamming , stuffing or ad stacking , this will be reflected in the click logs. This does require some processing power from your computer.
The graph below illustrates the number of clicks for a publisher per IP address in a day.
Number of clicks per IP address for one publisher in one day.
You’ve probably noticed that the same IP address is used for multiple campaigns within a short period of time. Can you see yourself clicking on multiple campaigns within a minute? More advanced fraudsters use a proxy to achieve diversity in IP addresses. To overcome this, we break the IP address into a range and analyze the clicks in a similar way to install fraud.
With ad stacking or pixel stuffing (and sometimes even other techniques) we see clicks from the same publisher at exactly the same time for multiple campaigns. Below is an example.