In-App Fraud Protection — MediaSafe
Mobile / In-App

In-App Fraud Protection

Detect install and in-app ad fraud from mobile networks via server-to-server postbacks. Click injection, click flooding, emulators, device farms and datacenter traffic — scored in real time, with reverse postbacks to reject fraudulent installs.

What is in-app fraud?

In mobile advertising, fraudsters fake installs and engagement to steal attribution budgets. MediaSafe measures the signals that expose them — starting with CTIT (Click-To-Install-Time), the gap between the ad click and the app install.

1. Install postback (S2S)

Your ad network sends a server-to-server POST for each install to https://ingest.mediasafe.cc/ai. We compute CTIT, enrich the IP (datacenter/proxy/country), check emulator flags and device-farm velocity, then return a verdict.

POST https://ingest.mediasafe.cc/ai
Content-Type: application/json

{
  "site": "as_XXXXXXXX",
  "device_id": "GAID_OR_IDFA",
  "click_ts": 1737000000000,
  "install_ts": 1737000300000,
  "source": "Unity Ads",
  "publisher": "sub_pub_id",
  "ip": "203.0.113.9",
  "ua": "Dalvik/2.1.0 ...",
  "bundle_id": "com.your.app",
  "platform": "android",
  "is_emulator": false,
  "is_rooted": false,
  "device_hash": "device_fingerprint"
}

Response:

{ "decision": "reject", "verdict": "givt", "score": 100,
  "reasons": ["click_injection"], "ctit_ms": 3000 }
FieldDescription
decisionaccept / reject — advisory verdict
verdictclean / givt / sivt (IAB categories)
ctit_msClick-to-install time in milliseconds

2. In-app ad events

Report in-app ad impressions and clicks to https://ingest.mediasafe.cc/ae. Each event is scored for bot/emulator/datacenter signals and feeds the ad-quality reports (viewability, IVT by format).

POST https://ingest.mediasafe.cc/ae
Content-Type: application/json

{
  "site": "as_XXXXXXXX",
  "device_id": "GAID_OR_IDFA",
  "kind": "impression",
  "placement": "main_banner",
  "ip": "203.0.113.9",
  "ua": "Dalvik/2.1.0 ...",
  "is_emulator": false,
  "viewable": true,
  "bundle_id": "com.your.app",
  "ad_format": "banner"
}

kind is impression or click.

3. Reverse postback (reject install)

When an install is scored as fraud, MediaSafe fires a GET to your configured URL so the network can reject the install. Configure it in the dashboard under In-App → Settings. Available macros:

https://network.example.com/reject?device={device_id}&v={verdict}&s={score}
MacroValue
{device_id}Advertising ID (GAID / IDFA)
{verdict}clean / givt / sivt
{score}0–100
{reason}Top fraud reason
{source}Ad network / source

What you get

Getting started

In-App fraud protection is available on Business and Enterprise plans. To connect your ad network, reach us at support@mediasafe.cc.

Open dashboard →