Seemingly legitimate apps are downloaded by unsuspecting users that run install bots in the background. These sophisticated Bots mimic human behaviour to download, open, and in some cases, engage with apps without the knowledge of the host.
The clicks are occurring on real devices and apps are actually downloaded but the install is of no value to the advertiser because it isn't being engaged with by a real user.
AKA: SDK Spoofing
Objective: Generate a fake install or fake engagement/retention events
Indicator: Irrational engagements
Detection starts with the highest level monitoring of post-install events by each traffic source. TrafficGuard monitors events that occur in mass as Bots follow programmed patterns.
Focusing in on each traffic source individually, but with the ability to see their traffic across many campaigns, enables TrafficGuard to determine whether their traffic as a whole fits the norm.
Source: TrafficGuard Glossary