Click Injection
Fraud with perfect timing — a fake click fired in the seconds between download and first open, stealing credit for an install already happening.
- Term
- Click Injection
- Platform
- Android (broadcast mechanism)
- Steals
- Attribution for in-progress installs
- Fingerprint
- Impossibly short click-to-install times
Forms & parts of speech
Definition in plain terms
Click injection is an Android-specific form of mobile ad fraud in which a malicious app on the user's device detects that another app is being installed and fires a fake ad click in the seconds before the installation completes — so last-click ATTRIBUTION crowns the fraudster's click and pays a CPI bounty for an install that was already happening. Where CLICK SPAMMING plays the lottery with volume, click injection cheats with timing: it only 'clicks' when an install is certain.
The mechanics
The exploit lives in Android's openness. Apps could listen for system broadcasts — notably the install broadcast announcing a new package being added — and fraudulent apps (often hiding inside flashlight-and-wallpaper utilities) used those signals to learn, in real time, that a download had begun. The malware then fired a click for an ad network it monetized through, timed inside the window between download start and first open, winning last-click credit over any legitimate source — including organic discovery, meaning advertisers paid bounties on users they already had. The forensic fingerprint is temporal: legitimate click-to-install distributions include the minutes a store visit and download take, while injected traffic clusters at impossibly short click-to-install intervals (and analysis of time-between-install-and-first-open exposes more). MOBILE MEASUREMENT PARTNERS built filters on exactly these distributions after Adjust and peers documented the technique in 2017, and Google narrowed the broadcast surface — Play's install referrer API and successive Android permission changes cut off much of the listening — but the arms race continues in older devices and side-loaded ecosystems. Defenses are the fraud playbook: MMP filtering on, timing distributions reviewed per source, and insertion orders carrying fraud clawback terms.
When it matters
Click injection matters to anyone buying Android installs at scale, particularly through networks with long publisher tails and in geographies where older Android versions and alternative stores dominate. Its damage doubles like all attribution theft: bounties paid for organic and competitor-driven installs, plus poisoned channel data that routes more budget toward the thief. The discipline is the timing audit — click-to-install distributions by source, with sub-realistic intervals treated as the confession they are — backed by MMP fraud filters and contracts that make their verdicts financially binding.
Synonyms & antonyms
Synonyms
Antonyms
Origin & history
Click injection was documented and named publicly by mobile measurement firm Adjust in 2017, which traced impossibly fast click-to-install intervals to Android apps listening for install broadcasts. Google responded with the Play Install Referrer API and successive Android restrictions on broadcast access, pushing the technique toward older devices while its timing fingerprint became a standard fraud-filter signal.
Etymology: source.
Usage trends
Search interest for this term over the last five years:
Common questions
- What is click injection?
- Android ad fraud where malware detects an install starting — via system broadcasts — and fires a fake ad click seconds before completion, so last-click attribution pays the fraudster for an install already underway.
- How do you detect click injection?
- Timing — click-to-install distributions cluster at impossibly short intervals for injected traffic, since real flows include store visits and download time; MMP fraud filters score exactly this fingerprint.
- How is click injection different from click spamming?
- Click spamming floods fake clicks hoping users install organically later; click injection waits until an install is certain and fires one precisely timed click — volume versus timing.
Related tools & calculators
- toolCAC calculator
- toolLTV:CAC calculator
Resources & people to follow
- referenceAdjust — click injection
- referenceWikipedia — Ad fraud
- referenceRGM analysis — audit click-to-install timing weekly; real users take minutes, thieves take seconds
Curated, non-competitor resources verified per term.
Related training
- modulePerformance marketing
Disciplines
Areas of marketing where click injection is a core concern: