Leveraging lean period in Smartphone sales, FaDe is being used to get new installs for advertisers. Covid-19 has paused a lot of many marketing activities including several performance marketing campaigns aimed to get new subscribers/users for apps and other digital services. India is a mobile-first country, which has more than 500 million smartphone users, it makes all the sense to target the smartphone users to build on the base. In its continuous monitoring where mFilterIt validates over 150 million events a month, it recently discovered a BOT, coded at ‘FaDe’ which is being used to get sophisticated invalid traffic (SIVT), in this case users for many apps. There are at least 6 large advertisers impacted as indicated by early results. The key observation of this bot includes a sudden jump in the organic traffic of the advertisers! This bot seems to have been coded incorrectly resulting in many (roughly 40%) installs being tracked as organic (instead of inorganic, which would generate revenue for the publisher). This 40% resulted in organic traffic spiking for different advertisers, but with resulting transaction/install ratio’s taking a dip (since this bot was able to drive installs but not able to reach upto subscriptions) The key trends analyzed include: -
- Installs are predominantly coming from 4 specific Smartphone brands of Samsung, Xiaomi, Asus and Sony. These are not real users but BOTs simulating fake devices of these particular Smartphone brands.
- A smaller ratio of the installs, in the effort to diversify the brands, are happening on Smartphones which are either not sold anymore or sell very less. Prominent among them include Micromax, Swipe, and iKall.
- The new users are signing up on the app version which was launched in January by one of the advertisers. They had a couple of refreshes since then and the latest version was upgraded in April. However, the new signups of May from this bot were still happening on the January app version. The BOT was faking registrations as well as installs.
- The signups from specific Smartphone models are for very old OS versions. These are at least 3-4 generations old than what the brands are shipping their devices with. In each case, the BOT used these to exploit the lower security available on these Android releases to run itself.
- The BOT tries to balance and diversify itself and hence evades detection when using manual thumb rules or attribution platform checks.