In-App Fraud Protection
Detect install and in-app ad fraud from mobile networks via server-to-server postbacks. Click injection, click flooding, emulators, device farms and datacenter traffic — scored in real time, with reverse postbacks to reject fraudulent installs.
What is in-app fraud?
In mobile advertising, fraudsters fake installs and engagement to steal attribution budgets. MediaSafe measures the signals that expose them — starting with CTIT (Click-To-Install-Time), the gap between the ad click and the app install.
- Click injection: a fake click fired milliseconds before install to steal attribution (CTIT under ~10s).
- Click flooding: mass clicks hoping to catch organic installs (very long CTIT, over 1h).
- Emulators & device farms: installs from non-real devices or clusters sharing a fingerprint.
- Datacenter / proxy IPs: traffic that is not a real user's mobile connection.
1. Install postback (S2S)
Your ad network sends a server-to-server POST for each install to https://ingest.mediasafe.cc/ai. We compute CTIT, enrich the IP (datacenter/proxy/country), check emulator flags and device-farm velocity, then return a verdict.
POST https://ingest.mediasafe.cc/ai
Content-Type: application/json
{
"site": "as_XXXXXXXX",
"device_id": "GAID_OR_IDFA",
"click_ts": 1737000000000,
"install_ts": 1737000300000,
"source": "Unity Ads",
"publisher": "sub_pub_id",
"ip": "203.0.113.9",
"ua": "Dalvik/2.1.0 ...",
"bundle_id": "com.your.app",
"platform": "android",
"is_emulator": false,
"is_rooted": false,
"device_hash": "device_fingerprint"
}
Response:
{ "decision": "reject", "verdict": "givt", "score": 100,
"reasons": ["click_injection"], "ctit_ms": 3000 }
| Field | Description |
|---|---|
decision | accept / reject — advisory verdict |
verdict | clean / givt / sivt (IAB categories) |
ctit_ms | Click-to-install time in milliseconds |
2. In-app ad events
Report in-app ad impressions and clicks to https://ingest.mediasafe.cc/ae. Each event is scored for bot/emulator/datacenter signals and feeds the ad-quality reports (viewability, IVT by format).
POST https://ingest.mediasafe.cc/ae
Content-Type: application/json
{
"site": "as_XXXXXXXX",
"device_id": "GAID_OR_IDFA",
"kind": "impression",
"placement": "main_banner",
"ip": "203.0.113.9",
"ua": "Dalvik/2.1.0 ...",
"is_emulator": false,
"viewable": true,
"bundle_id": "com.your.app",
"ad_format": "banner"
}
kind is impression or click.
3. Reverse postback (reject install)
When an install is scored as fraud, MediaSafe fires a GET to your configured URL so the network can reject the install. Configure it in the dashboard under In-App → Settings. Available macros:
https://network.example.com/reject?device={device_id}&v={verdict}&s={score}
| Macro | Value |
|---|---|
{device_id} | Advertising ID (GAID / IDFA) |
{verdict} | clean / givt / sivt |
{score} | 0–100 |
{reason} | Top fraud reason |
{source} | Ad network / source |
What you get
- Fraud rate across installs with CTIT distribution.
- Breakdowns by source network, publisher, device and geo.
- Device intelligence — emulators, root, device farms, IP types.
- Reverse postbacks to reject fraudulent installs.
Getting started
In-App fraud protection is available on Business and Enterprise plans. To connect your ad network, reach us at support@mediasafe.cc.