Fraud Reports and Fraud Logs: FAQ and Troubleshooting

You can get information about the fraud cases in your campaigns in several ways:

  1. Aggregated reports: For aggregated fraud data, Singular provides the Rejected Report, Suspicious Report, and Protected Report.
  2. Fraud logs: To view detailed data about every single fraud decision, you can download the raw logs of Singular's fraud prevention system. Go to Attribution > Export Logs and pick the Fraud log type. For more information, see the Export Logs and User-Level Data FAQ.
  3. Fraud postbacks: To be notified in real time about fraud decisions, set up fraud postbacks to be sent to your internal BI dashboard. For more information, see the Fraud Postbacks FAQ.



Why did I just get a fraud alert e-mail?

Singular automatically creates an alert to help you track increases in fraud for a given app and OS from a specific Source. The alert checks on a daily basis if the total rejected for the last 7 days is higher than 10% of the total installs. This will help you be aware of potentially problematic traffic sources.

Once you've received this alert, it can be helpful to dig into the data some more. Head to the Rejected Report and drill into the data. Look for things like:

  • Rejected Reason: what fraud rule triggered the install to be tracked as fraudulent? You can optimize the setting in Global Settings and add either stricter rules or remove certain rules.
  • Publisher Data: depending on the network, you might also be able to review the Publisher ID, Publisher Name, or Site Public ID. If you are getting the majority of rejected installs from a problematic publisher, consider blacklisting that source.
Why is the Android Install Validation rule marking many installs as suspicious even though I haven't implemented the Google Play licensing code in the SDK?

The Android Install Validation fraud rule is triggered if:

  • There is a problem with the licensing response from Google Play
  • OR if a licensing response hasn't been sent for the device at all.

The reason it works this way is that otherwise, fraudsters could just omit the Google Play licensing check and avoid detection.

If you haven't implemented Google Play licensing support in the SDK in your app, the rule is just triggered whenever there is an Android install sourced from Google Play.

We suggest:

  1. Turning of the rule until you implement the proper code in your app.
  2. After implementing the code, create a custom fraud rule to apply Android Install Validation only to versions of the app that support it.


Fraud Aggregated Reports FAQ

What are the Rejected Report and the Suspicious Report?

The Rejected Report page (Fraud Prevention > Rejected Report) shows you how many installs were rejected, the estimated fraud CPI, and the estimated saved costs.

The report can be broken down by the rejection reason (the method or rule that caught the fraud attempt) as well as usual dimensions such as app, OS, campaign, and country.

The Suspicious Report page (Fraud Prevention > Suspicious Report) functions similarly to the Rejected Report, but shows installs that were marked as suspicious instead of being rejected.

Because the installs in this report were allowed to be attributed normally, you can also see cohort metrics about them, such as the revenue.

What is the Protected Report?

The Protected Report page (Fraud Prevention > Protected) gives you information about cases in which you were protected from a fraud attempt by Singular's fraud prevention system.

The installs in this report are legitimate installs. One or more of their associated touchpoints was rejected for fraud, but then Singular went on to find the legitimate touchpoint to which the install could be attributed.

Use this report to get additional information about where and how you are targeted by fraud. For example, you can see how many of your organic users are targeted, or whether a specific network or campaign have been targeted more than others.

What is the "Fraud Reason"?

The Reason dimension in fraud reports shows the name of the fraud method or custom rule that caused the install to be rejected or marked as suspicious.

Use this dimension to gauge the impact and usefulness of different rules.

What are "Estimated Fraud CPI" and "Estimated Saved Cost"?

These metrics are found only in the Rejected report. They are defined as:

  • Estimated Saved Cost - an estimation of the cost of the fraudulent installs, based on the daily cost per source.
  • Estimated Fraud CPI - an estimation of the average CPI per fraudulent install, based on the estimated cost and number of rejected installs per source.
How is "Estimated Suspicious Cost" calculated (in the Suspicious Report)?

To estimate the suspicious cost (total cost for suspicious installs), we first find the CPI (cost per install) for the relevant app + OS + source (network) + date. This is the same CPI you can see in the Reports page, e.g.:

Then we multiply the CPI by the number of suspicious installs:

Fraud Logs FAQ

How do I get information about click IDs that have been marked as suspicious by Singular?

To investigate the click IDs found as suspicious, use the Export Logs page:

  1. In the Singular platform (or partner portal, if you're a Singular partner), go to Attribution > Export Logs.
  2. Select the log type Conversions and select the fields Partner, Click ID, Fraud Status, and Fraud Reason.
  3. Download the log and filter the table by Fraud Status = "Suspicious".


How can I learn more about my "untrusted installs"? How do I access more data about them?

An untrusted install in Singular means that the install event itself was found to be fake (as opposed to a real install with fake clicks or impressions). This happens, for example, if the install event comes from a blacklisted IP that is associated with bot activity.

Untrusted Installs in Aggregated Reports

To see aggregated data about untrusted installs:

  1. Go to Fraud Prevention > Suspicious Report.
  2. Filter by Source = "Untrusted".

Untrusted Installs in User-Level Data (Fraud Logs)

To see user-level data about untrusted installs, you can use the fraud logs:

  1. In the Singular platform (or partner portal, if you're a Singular partner), go to Attribution > Export Logs.
  2. Select the log type Fraud and select the fields Partner, Fraud Reason, and Fraud Status.
  3. Filter the report by Attributed Partners = "Organic".
  4. After you download the report, filter the spreadsheet by Fraud Status = "Rejected".