Click injection is a sophisticated form of click-spamming. By publishing (or having access to) an Android app that listens to “install broadcasts,” fraudsters detect when other apps are downloaded and trigger clicks before an install completes. The fraudster then receives credit for installs as a consequence. If fraud prevention tools are inadequate, individuals who commit click injection fraud can take advantage of a low-quality app to take control of a device at a strategic moment (and with the necessary data) in order to produce a false advertisement click that looks genuine, causing payouts based on cost per install (CPI).
The click injection technique is often employed by fraudulent actors through the use of “junk apps” installed on a user’s device. These apps lay dormant until an installation broadcast activates them, allowing them to take control of the user’s device and generate false clicks that steal credit for organic or non-organic installs generated by other networks.
Aside from the financial damage caused by draining advertising budgets, click injection can have serious implications for advertisers’ future targeting and segmentation of traffic. It can distort the planning and distribution of ad spend by highlighting fraudulent sources ahead of legitimate ones.