Skip to main content
Apple announces iOS 15 at WWDC 2021. LEARN MORE Apple announces iOS 15 at WWDC 2021. LEARN MORE

Get Your Ad Spend Out of Jail

By September 7, 2021Blog, Fraud Prevention

Catch Jailbroken Device Fraud

Fraud wears many masks, and fraudsters are using jailbroken devices with no or customized operating systems on them to perform a variety of fraudulent tactics. 

Jailbroken” iOS phones or “rooted” Android ones are devices in which the operating system has been deleted, replaced, or has had restrictions removed so that the user has access to features normally prohibited. Users may jailbreak devices intentionally to have more control over their device, customize its look, and/or download apps outside of the mainstay app stores (called “sideloading”). However, it’s no surprise that these phones are also more susceptible to fraud through malware. Fraudsters have used jailbroken devices to automate ad fraud through emulators and custom scripts that execute app installs and in-app events.

Identifying fraud

The Kochava software development kit (SDK) uses proprietary processes to identify jailbroken devices. Since these devices are still able to download apps legitimately from the app store, they’re not considered fraudulent by default. It’s actually quite normal to have a small amount of jailbroken devices in a campaign. The Kochava FoundryTM team has observed that between 3% and 5% of normal campaign traffic may come from jailbroken devices. When jailbroken and rooted devices occupy a much larger share of total traffic, suspicion should arise. 

How many jailbroken devices is too many?

Fraud detection tools can only go so far and are not designed to catch all anomalies because a fair amount of legitimate traffic would be omitted too. As such, identifying fraud is often a collaborative effort between an app marketer and the Kochava Foundry team. In the case of one client, their team detected several jailbroken devices on their end and asked the Foundry team to validate their findings, research further and obtain intel about the media partners involved.

 Further analysis uncovered a small cohort of media partners, whose acquisition traffic showed 35% of iOS installs and 65% of Android installs were jailbroken or rooted. Compared to the average percentage of jailbroken/rooted devices among other media partners and organic traffic, this was a major outlier. Drilling down further to a publisher (site ID) level, the Foundry team observed that around 18% of the media partner’s sub-publishers on iOS campaigns had 100% jailbroken devices. Separately on Android, 10% of sub-publisher sites had 100% rooted devices. This intelligence enabled the marketer to collaborate directly with the media partner to root out (no pun intended) the bad publishers from the batch.

The tables above represent a more typical distribution of jailbroken/rooted devices in a campaign.

What signs can you watch out for?

While jailbroken/rooted devices aren’t behind every type of fraud, here are some signs you can be on the lookout for. If you see them, ask questions and get in touch with our team to help investigate. 

Abnormally high post-install events: Fraudsters give marketers the success they want to see. If there is an atypically large number of your target conversion event being reported, make sure it’s legitimate. The Foundry team can help and in validating, there is always a possibility of uncovering a deeper level of fraud whether jailbroken-related or other. Pay for the success you’ve earned, not one that might be inflated.

Great acquisition performance. Poor down-funnel performance: Sometimes, the way fraudsters hide is the very thing that gives them away instead. If there is a large number of installs but poor post-install event performance, something’s amiss. Evaluate the time-to-install (TTI) and time-to-event (TTE) distribution to ensure there isn’t a disconnect. By mapping these two metrics, fraud may emerge as a cluster of installs with a disproportionately abysmal lack of post-install activity. 

Takeaway: Know the signs of jailbroken device fraud

As a general rule, too much of anything in a campaign may be reason enough to investigate its validity. When anomalies can’t be explained, that’s when it’s time to get experts involved. 

Want to know how the Foundry team can help you? Request a free consultation