You may have noticed the news about Cheetah, the Chinese app developer, and the ad scheme to take credit for app installs that they weren’t driving. Through click-injection, they were able to collect app install bounties and potentially cheat their ad partners and Google out of money they didn’t actually earn. Further, they were able to figure out which apps were being downloaded to a users device by requesting unnecessary permissions. Cheetah has responded to deny involvement in any ad fraud.

This isn’t the first time we’ve heard about mobile ad fraud –there have been reports of mobile ad bots simulating clicks and actual users for some time– and it’s probably not the last of it. While the industry unpacks how to deal with responsibility and repercussions for these schemes, there are some takeaways that mobile marketers can learn from this right away.

Lesson #1: Evaluate Your Acquisition Sources Regularly

First, this should be a reminder to evaluate your acquisition sources regularly. You can use Localytics’ attribution reports and integrate with other attribution management tools for deep analysis of your ad performance. If you see any irregularities or sudden spikes, it’s worth investigating further to make sure that the results you’re getting are accurate and the users you’ve acquired are real.

Which leads us to the next lesson:

Lesson #2: Measure The Success Of Your Acquisition Efforts With More Than One Metric

Number of installs can’t be the only way to validate whether or not an acquisition source is actually driving users to your app. It’s easy to look at an attribution report and see where the most users are coming from. However, when measuring installs alone you could be missing out on the fact that the users aren’t actually engaging after the app is installed.

By also measuring the LTV, conversion rates, or time spent in the app of ad acquired users, you’ll get a much more accurate picture of where your most valuable users are coming from. That way you don’t have to worry about spending your ad dollars on the wrong types of ad partners and you can increase your investment with partners that are connecting you with the right audience.

Lesson #3: Trust Is Earned And Easily Broken

Finally, stories like this damage the trust between app users and brands.The app developers were able to pull this ad scheme off by getting users to share a lot of information about their device through the app’s permissions. The Cheetah apps were then able to learn which new apps were being installed on the device and take the credit for the install.

When the average app user learns that their apps can use their personal information (and drain their phone battery) for profit, they’re a lot less likely to allow permissions in the future. For app marketers, it’s going to continue to be a priority to clearly explain why they need certain permissions before requesting them.

Final Thoughts

Based on the issues with Cheetah, anyone using ads for user acquisition should be watching the source of their installs carefully. Being more thorough by adding criteria to your attribution and user engagement reporting will help to spot any fake users or installs early. App users are also going to be on the lookout for any unnecessary permissions that are being requested. Building Soft Asks into your onboarding experience will go a long way to build trust with your users so you can deliver the best app experience.