Advanced Android Fraud Protection FAQ

Learn about Singular’s advanced methods for protecting customers from attribution fraud in Android devices and the Google Play Store.

Make sure to read Singular Fraud Prevention first for an introduction to Singular Fraud and a list of all available protection methods.

To learn how to activate and configure each fraud method, see Configuring Fraud Settings.


Android Install Fraud

What is install fraud?

While other types of attribution fraud rely on stealing the credit for legitimate app installs, install fraud is based on the creation of fake installs and fake users for the purpose of getting the installs attributed.

Install fraud appears in a variety of forms:

  • Device farms: Fraudsters get a large number of devices, use them to click on tracking links and install apps, then open the apps and delete them. The fraudsters reset each device’s Android Advertising ID (or IDFA, on iOS) before the next use.
  • Emulators and bots: As a technological step up from device farms, emulators and bots are used to simulate having a lot of devices and a lot of people who click on tracking links and install apps.
  • SDK Spoofing: Instead of actually installing an app, the fraudsters fake the MMP’s SDK traffic to send fake install reports.
  • Malware: Malicious apps install legitimate apps on users’ devices without the users’ knowledge or permission.

Fraud Prevention providers have mostly been using various statistical methods to detect install fraud, but these methods have weaknesses, and fraudsters have found ways to work around them and avoid detection.

How does Singular protect me from install fraud?

To tackle install fraud, Singular has developed Android Install Validation - a new, deterministic method of evaluating an install and making sure it is legitimate. Android Install Validation detects and prevents all known forms of fake install attacks at a significantly higher level of accuracy than any tools developed previously.

While the Google Play Store doesn’t provide install receipts like the Apple App Store's, there are signals that the Play Store provides and Singular collects in order to make sure that the app was installed from the Play Store by a real Play Store user.

Singular also makes sure the same user isn’t responsible for a large number of installs.


  • Android Install Validation works only on installs coming from the Google Play Store (as most Android app installs do).
  • This method requires integrating the Singular SDK version 7.4.1 or above.
  • By Adding Your Google Play Licensing Key, Singular can verify install receipts cryptographically.
How do I use Android Install Validation?

To avoid triggering Android Install Validation, fraudsters may try to have their app report that it was not installed from the Play Store and/or that the SDK version is older.

We recommend adding custom (user-defined) rules in order to:

1. Detect non-Play Store installs

Detect installations outside of the Play Store for campaigns and sources that should point only at the Play Store.

Rule example:


2. Detect installs by outdated SDK versions

Once you update the app’s SDK, there aren’t supposed to be any new installs of the app with an older SDK.

Rule example (make sure to specify the right SDK version for your app!):


To learn how to create rules, see Configuring User-Defined Fraud Rules.

Android Click Injection

What is click injection?

In click injection, the fraudster monitors a real user’s device for app installs - usually through a malicious app that has been installed on the device. When the user installs a new app, the malicious app creates a fake click (or impression) in order to hijack the app install attribution.

How does Singular detect click injection?

Singular uses Google Play Referrer values and timestamps to detect impressions and clicks that occur after users were directed to the Play Store or initialized an install.

These fake impressions and clicks can then be rejected.

Android Organic Poaching

What is organic poaching?

In Organic Poaching, a fraudster claims credit for an app install that is in fact organic and should not be attributed to any source. This fraud can be achieved through either click spamming or click injection.

Organic poaching is costly for advertisers as it makes them pay for users who have in fact converted organically.

How does Singular detect organic poaching?

Singular’s Organic Poaching Protection method detects signals from the Google Play Store that an app install is organic (not associated with any ad clicks). Any clicks associated with this install can then be identified as an organic poaching attempt.

Note: This protection method may trigger high percentages if a network sends impressions instead of clicks. Customers can prevent this by using custom rules to apply Organic Poaching prevention only to relevant sources (see Configuring User-Defined Fraud Rules).

Was this article helpful?