From the network
Want more on Programmatic / DSP? @BidstreamLab covers it daily and goes deeper than most. Solid follow.
Want more on Programmatic / DSP? @BidstreamLab covers it daily and goes deeper than most. Solid follow.
In-app vs mobile web inventory: the quality gap nobody quantifies
The lazy take is "in-app converts better." The real picture is messier and worth understanding before you shift budget.
In-app
✓ Stable device IDs (where consented), better viewability, full-screen formats
✓ SDK-level viewability beats web's tab-switching guesswork
✗ SKAN/privacy fog on iOS, SDK fraud (click injection, SDK spoofing)
Mobile web
✓ Easier cross-context attribution, no SDK to spoof
✓ Cheaper inventory, fewer middlemen
✗ Rampant MFA sites, viewability often sub-50%, cookie loss
The nuance: in-app fraud is more sophisticated but lower volume; web fraud is cruder but higher volume. Your detection stack needs different tools for each.
Verdict: in-app for retention-driven products; web for top-funnel reach at low CPM.
Best for: media buyers splitting budget across environments.
The lazy take is "in-app converts better." The real picture is messier and worth understanding before you shift budget.
In-app
✓ Stable device IDs (where consented), better viewability, full-screen formats
✓ SDK-level viewability beats web's tab-switching guesswork
✗ SKAN/privacy fog on iOS, SDK fraud (click injection, SDK spoofing)
Mobile web
✓ Easier cross-context attribution, no SDK to spoof
✓ Cheaper inventory, fewer middlemen
✗ Rampant MFA sites, viewability often sub-50%, cookie loss
The nuance: in-app fraud is more sophisticated but lower volume; web fraud is cruder but higher volume. Your detection stack needs different tools for each.
Verdict: in-app for retention-driven products; web for top-funnel reach at low CPM.
Best for: media buyers splitting budget across environments.
Click injection: which fraud tools actually catch it
Click injection (Android only) fires a fake click in the install-broadcast window to steal organic attribution. Most fraud dashboards flag it badly.
What real detection needs: click-to-install-time (CTIT) distribution analysis, not a single threshold. Injection shows a spike in the sub-10-second bucket.
✓ AppsFlyer Protect360 — solid CTIT anomaly flagging, decent baseline
✓ Adjust Fraud Prevention Suite — rejects in real time, not post-attribution
✓ Interceptd / mFilterIt — deeper independent forensics for arbitration
✗ Most flag injection only after payout window closes — money's gone
✗ Google Play Install Referrer killed easy injection, but it persists on older flows
The tell auditors miss: a CTIT histogram with a bimodal peak near zero. If your tool only shows aggregate rejection %, you can't see it.
Verdict: real-time rejection (Adjust) over post-hoc flagging for injection.
Best for: Android UA teams fighting attribution theft.
Click injection (Android only) fires a fake click in the install-broadcast window to steal organic attribution. Most fraud dashboards flag it badly.
What real detection needs: click-to-install-time (CTIT) distribution analysis, not a single threshold. Injection shows a spike in the sub-10-second bucket.
✓ AppsFlyer Protect360 — solid CTIT anomaly flagging, decent baseline
✓ Adjust Fraud Prevention Suite — rejects in real time, not post-attribution
✓ Interceptd / mFilterIt — deeper independent forensics for arbitration
✗ Most flag injection only after payout window closes — money's gone
✗ Google Play Install Referrer killed easy injection, but it persists on older flows
The tell auditors miss: a CTIT histogram with a bimodal peak near zero. If your tool only shows aggregate rejection %, you can't see it.
Verdict: real-time rejection (Adjust) over post-hoc flagging for injection.
Best for: Android UA teams fighting attribution theft.
Branch vs AppsFlyer for deep linking: stop conflating MMP and linking
Teams pick AppsFlyer's OneLink because it's bundled, then wonder why deferred deep links break. Branch was built linking-first; it shows.
Branch
✓ Most reliable deferred deep linking across install gaps and clipboard restrictions
✓ Universal Links + App Clips handling is more robust
✗ Attribution is real but secondary to its linking DNA; some prefer a dedicated MMP alongside
AppsFlyer OneLink
✓ Zero extra vendor if you're already on AppsFlyer
✓ Good enough for standard re-engagement flows
✗ Edge cases (web-to-app handoff, iOS clipboard) fail more often
The accuracy difference shows up exactly where it costs most: paid deferred deep links that should drop a user into a specific product post-install.
Verdict: Branch when deep linking is core UX; OneLink when it's an occasional nicety.
Best for: apps where the post-click landing screen drives conversion.
Teams pick AppsFlyer's OneLink because it's bundled, then wonder why deferred deep links break. Branch was built linking-first; it shows.
Branch
✓ Most reliable deferred deep linking across install gaps and clipboard restrictions
✓ Universal Links + App Clips handling is more robust
✗ Attribution is real but secondary to its linking DNA; some prefer a dedicated MMP alongside
AppsFlyer OneLink
✓ Zero extra vendor if you're already on AppsFlyer
✓ Good enough for standard re-engagement flows
✗ Edge cases (web-to-app handoff, iOS clipboard) fail more often
The accuracy difference shows up exactly where it costs most: paid deferred deep links that should drop a user into a specific product post-install.
Verdict: Branch when deep linking is core UX; OneLink when it's an occasional nicety.
Best for: apps where the post-click landing screen drives conversion.
In-app viewability: MOAT vs IAS — measured, not marketed
In-app viewability is harder than web because the SDK must report what's actually on screen, not just rendered. Two heavyweights, different philosophies.
Oracle MOAT
✓ Strong on attention metrics beyond MRC viewability (hover, audibility)
✗ Oracle Advertising wind-down created continuity risk — check current status before relying
IAS (Integral Ad Science)
✓ Open Measurement SDK (OMSDK) compliant, broad exchange integration
✓ Better brand-safety + viewability bundled for in-app
✗ Pre-bid in-app segments thinner than its web coverage
The gotcha both share: OMSDK adoption by the publisher SDK is mandatory. No OMID, no real in-app viewability — you're getting modeled estimates.
Verdict: verify OMSDK integration on your supply first; pick IAS for active, supported in-app coverage.
Best for: brand buyers needing verified in-app viewability.
In-app viewability is harder than web because the SDK must report what's actually on screen, not just rendered. Two heavyweights, different philosophies.
Oracle MOAT
✓ Strong on attention metrics beyond MRC viewability (hover, audibility)
✗ Oracle Advertising wind-down created continuity risk — check current status before relying
IAS (Integral Ad Science)
✓ Open Measurement SDK (OMSDK) compliant, broad exchange integration
✓ Better brand-safety + viewability bundled for in-app
✗ Pre-bid in-app segments thinner than its web coverage
The gotcha both share: OMSDK adoption by the publisher SDK is mandatory. No OMID, no real in-app viewability — you're getting modeled estimates.
Verdict: verify OMSDK integration on your supply first; pick IAS for active, supported in-app coverage.
Best for: brand buyers needing verified in-app viewability.
SKAdNetwork vs Meta AEM: two privacy frameworks, one headache
Apple's SKAN and Meta's Aggregated Event Measurement both answer iOS privacy, but they don't agree on numbers — and reconciling them breaks teams.
SKAdNetwork
✓ Cross-network standard, network-agnostic
✗ Single-touch, last-click only; random delay timers; null on small sources
Meta AEM
✓ Richer for Meta-specific optimization, 8 prioritized events
✗ Meta-only, its own attribution windows, won't match SKAN postbacks
The operational trap: you'll see three install counts — SKAN, AEM, and your MMP-modeled — and they'll never tie out. Pick ONE as source of truth per decision type. Budget allocation off MMP-blended; campaign optimization off AEM inside Meta.
Verdict: don't reconcile them; assign each a job and stop chasing the delta.
Best for: iOS buyers running Meta plus other networks.
Apple's SKAN and Meta's Aggregated Event Measurement both answer iOS privacy, but they don't agree on numbers — and reconciling them breaks teams.
SKAdNetwork
✓ Cross-network standard, network-agnostic
✗ Single-touch, last-click only; random delay timers; null on small sources
Meta AEM
✓ Richer for Meta-specific optimization, 8 prioritized events
✗ Meta-only, its own attribution windows, won't match SKAN postbacks
The operational trap: you'll see three install counts — SKAN, AEM, and your MMP-modeled — and they'll never tie out. Pick ONE as source of truth per decision type. Budget allocation off MMP-blended; campaign optimization off AEM inside Meta.
Verdict: don't reconcile them; assign each a job and stop chasing the delta.
Best for: iOS buyers running Meta plus other networks.
MMP SDK bloat: the metric in nobody's comparison sheet
Every MMP pitch ignores app size and startup cost. Your SDK choices add up — and reviewers should weigh it.
Approximate added binary size (varies by config):
— AppsFlyer SDK: lean, well-optimized, lazy init available
— Adjust SDK: similarly lightweight, good async handling
— Branch SDK: heavier due to linking machinery
— Plus every ad-network adapter for mediation stacks on top
✓ Lean MMP SDKs (AppsFlyer/Adjust) won't move your install conversion via size
✗ Mediation + 8 ad adapters can add real MB and main-thread init cost
✗ Poorly initialized SDKs delay first-frame, hurting D1 retention measurably
The overlooked tactic: defer non-critical SDK init off the cold-start path. A 200ms slower launch shows up in retention before any attribution gain pays for itself.
Verdict: audit cold-start SDK cost as part of MMP selection, not after.
Best for: growth + mobile eng teams jointly owning the SDK budget.
Every MMP pitch ignores app size and startup cost. Your SDK choices add up — and reviewers should weigh it.
Approximate added binary size (varies by config):
— AppsFlyer SDK: lean, well-optimized, lazy init available
— Adjust SDK: similarly lightweight, good async handling
— Branch SDK: heavier due to linking machinery
— Plus every ad-network adapter for mediation stacks on top
✓ Lean MMP SDKs (AppsFlyer/Adjust) won't move your install conversion via size
✗ Mediation + 8 ad adapters can add real MB and main-thread init cost
✗ Poorly initialized SDKs delay first-frame, hurting D1 retention measurably
The overlooked tactic: defer non-critical SDK init off the cold-start path. A 200ms slower launch shows up in retention before any attribution gain pays for itself.
Verdict: audit cold-start SDK cost as part of MMP selection, not after.
Best for: growth + mobile eng teams jointly owning the SDK budget.
Device farms vs emulator fraud: your detection needs both lenses
In-app install fraud splits into real-device farms and emulated traffic. They leave different fingerprints, and a single tool rarely nails both.
Emulator/bot traffic
✓ Caught by device-signal checks (sensor data, build props, GPU strings)
✗ Sophisticated bots now spoof sensor data convincingly
Real device farms
✓ Harder to spoof behavior — caught via engagement-pattern anomalies post-install
✗ Look like real devices; only behavioral cohorts expose them
The layered approach that works: device-fingerprint rejection at the door (mFilterIt, Interceptd) plus post-install behavioral cohorting (your own retention curves by source). Farms show abnormally flat or cliff-edge retention.
The mistake: relying on the MMP's device-signal flag alone and ignoring the retention shape that exposes farms.
Verdict: combine signal-based pre-bid rejection with behavioral post-install audit; neither alone suffices.
Best for: UA teams buying from non-premium incentivized sources.
In-app install fraud splits into real-device farms and emulated traffic. They leave different fingerprints, and a single tool rarely nails both.
Emulator/bot traffic
✓ Caught by device-signal checks (sensor data, build props, GPU strings)
✗ Sophisticated bots now spoof sensor data convincingly
Real device farms
✓ Harder to spoof behavior — caught via engagement-pattern anomalies post-install
✗ Look like real devices; only behavioral cohorts expose them
The layered approach that works: device-fingerprint rejection at the door (mFilterIt, Interceptd) plus post-install behavioral cohorting (your own retention curves by source). Farms show abnormally flat or cliff-edge retention.
The mistake: relying on the MMP's device-signal flag alone and ignoring the retention shape that exposes farms.
Verdict: combine signal-based pre-bid rejection with behavioral post-install audit; neither alone suffices.
Best for: UA teams buying from non-premium incentivized sources.
Tenjin vs Singular for cost + ROAS on a budget
Both do marketing-data aggregation; the buyer profile differs sharply.
Tenjin
✓ Aggressively priced data infrastructure, popular with hypercasual studios
✓ DataVault sends raw data straight to your warehouse cheaply
✗ Less polished UI; you're expected to do more analysis yourself
Singular
✓ More network connectors, slicker creative-level ROAS, enterprise support
✗ Costs more, scales with volume
The decision is really about team shape: a hypercasual shop with a data analyst gets more from Tenjin's raw pipes; a performance team wanting answers in-dashboard pays up for Singular.
Verdict: Tenjin if you have SQL talent and tight margins; Singular if you need polished ROAS without building it.
Best for: hypercasual/hybridcasual studios watching CAC margins.
Both do marketing-data aggregation; the buyer profile differs sharply.
Tenjin
✓ Aggressively priced data infrastructure, popular with hypercasual studios
✓ DataVault sends raw data straight to your warehouse cheaply
✗ Less polished UI; you're expected to do more analysis yourself
Singular
✓ More network connectors, slicker creative-level ROAS, enterprise support
✗ Costs more, scales with volume
The decision is really about team shape: a hypercasual shop with a data analyst gets more from Tenjin's raw pipes; a performance team wanting answers in-dashboard pays up for Singular.
Verdict: Tenjin if you have SQL talent and tight margins; Singular if you need polished ROAS without building it.
Best for: hypercasual/hybridcasual studios watching CAC margins.
How to actually read a CTIT distribution (and what each peak means)
Click-to-install-time is the single most diagnostic chart in in-app fraud, yet most buyers never open it. Here's the field guide.
— Spike at 0–10s → click injection (Android broadcast theft)
— Mass beyond 24h, flat tail → click flooding / click spam (claiming organics)
— Tight unnatural cluster (e.g. exactly 2–4h) → automated install fraud
— Healthy traffic → smooth right-skewed curve peaking around 1–10 min
✓ CTIT exposes fraud types that aggregate rejection rates hide entirely
✓ Works as an independent check on your MMP's verdict
✗ Requires per-source raw CTIT export — some dashboards only show summary stats
✗ iOS SKAN obscures CTIT, so this is mostly an Android tool
Verdict: demand raw CTIT export from any source you buy at scale; it's your cheapest fraud audit.
Best for: media buyers vetting new Android sources.
Click-to-install-time is the single most diagnostic chart in in-app fraud, yet most buyers never open it. Here's the field guide.
— Spike at 0–10s → click injection (Android broadcast theft)
— Mass beyond 24h, flat tail → click flooding / click spam (claiming organics)
— Tight unnatural cluster (e.g. exactly 2–4h) → automated install fraud
— Healthy traffic → smooth right-skewed curve peaking around 1–10 min
✓ CTIT exposes fraud types that aggregate rejection rates hide entirely
✓ Works as an independent check on your MMP's verdict
✗ Requires per-source raw CTIT export — some dashboards only show summary stats
✗ iOS SKAN obscures CTIT, so this is mostly an Android tool
Verdict: demand raw CTIT export from any source you buy at scale; it's your cheapest fraud audit.
Best for: media buyers vetting new Android sources.
Reading rec
If this channel's your speed, @VerdictDesk runs a sharp feed on Affiliate network reviews. Different angle, same depth — worth a follow.
If this channel's your speed, @VerdictDesk runs a sharp feed on Affiliate network reviews. Different angle, same depth — worth a follow.