What Is Device Farm?

You’ve probably heard of the term device farm if you’ve ever worked with mobile marketing, performance advertising, QA testing, or app measurement.

But are people simply referring to normal device farms or to fraudulent mobile ad spending? 

There are different ways of interpreting the term depending on your perspective.

In this glossary, you will find out more than just the basic definition of device farms. Here are some things you will learn about device farms:

• What a Device Farm (originally) is
• How a Device Farm operates in practice 
• How Device Farm activity shows up in Mobile Attribution 
• Why Device Farm fraud distorts the performance of your campaigns 
• How to identify and minimise the impact of Device Farms

This article has been designed to promote critical thinking because signal quality determines decision quality, ultimately leading to successful mobile growth.

Device Farm: Understanding the Core Device Farm Definition

Essentially, a device farm is an organised system of devices (both physical and virtual) that are used to provide remote control and automated access to them.

It is similar to a data centre; however, instead of hosting web pages, they host mobile devices.

Initially, device farms were created in response to a very real challenge that all app developers face: device fragmentation.

When an app developer ships a new product worldwide, they don’t merely have to consider what operating system (OS) their target audience uses (i.e., Android or iOS), but also the fact that within both Android and iOS, users may have various model types, memory sizes, CPU designs, and screen sizes all relevant to their choice of devices based on where they live.

Thus, while Android dominates total phone brands globally, there are hundreds of thousands of unique devices with diverse OS versions, making it a complex, difficult, and expensive situation for developers to test on multiple devices with varying configurations. (Statista regularly reports OS distribution differences across markets)

Instead of buying one hundred plus physical devices and dealing with their upkeep, companies can use a device farm to:

• Run automated tests 
• Simulate user flows 
• Validate SDK connections 
• Stress-test performance 
• Identify points of crash 

In this legitimate use case, a device farm is an infrastructure provider rather than a threat.

However, context is everything.

Device Farms & Mobile Ads: When Infrastructure Turns Into Manipulative Behaviour

In mobile ad and attribution, the term device farms usually points to risk.

Here’s the reason.

A fraudster can set up a device farm just like a developer. The only difference is their intention behind the device farm.

Instead of using the device farm to test the stability of the app, they use the device farm to simulate user behaviour. Examples of their simulated user behaviour include:

• They install an app.
• They complete the onboarding process.
• They carry out certain events that the app has designed for them.
• They remain active for a certain amount of time.
• They time their activity so that it occurs within the attribution window.

From your dashboard, everything looks fine:

• The number of installs is good.
• Timing of click-to-install is good.
• The percentage of events completed in-app is good.

However, they are actually just following scripts.

This is what people commonly refer to as device farm fraud.

Unlike bot traffic, where it is easy to see that there is automation because of the behaviour of the bot traffic, device farm fraud can use real devices, thus making detection more difficult.

According to industry analyst Juniper Research, mobile ad fraud costs approximately billions. The amount of financial misconduct has had a major impact on the business model.

Once you have a grasp of the financial benefit of the activity, the existence of device farms that are being used for fraud should be easier for you to understand.

What is a Device Farm and How Does it Work? The Technical Aspect of a Device Farm. 

In order to have a firm grasp of the benefits of device farms, you will first need to understand how they operate.

The Operation of Device Farms is Layered.

1: Device Infrastructure Layer

Examples of what may be found in a Physical Device Farm are:

• Hundreds/thousands of physical mobile devices
• USB-connected racks of devices
• Centralised power supply
• Automatic reset scripts on devices.
• SIM card rotation/network configuration rotation.

Remote control of any one device.

Virtual Device Farms utilise Emulated Environments. Even though they rely largely on signature discrepancies, more advanced configurations can emulate true hardware profiles.

2: Automation Control Layer

The automation control layer is responsible for the orchestration of app downloads and installs, the triggering of in-app events, the timing of app sessions and the switching between background and foreground states.

These scripts are created to simulate believable user journeys.

An example of this could be as follows: instead of triggering an in-app purchase right after a user installs an application, the script will wait anywhere from 45 to 90 seconds, scroll through the app’s onboarding flow, trigger a level completion, and have the user appear to be retained on their first day.

This makes the behaviour look “natural”.

3: Attribution Alignment Layer

Now we get into strategy.

Fraudsters are smart enough to understand how attribution works.

They know how to coordinate their activities around:

• Attribution Windows
• Click Injection Timing
• View-Through Windows
• Post-Install Event Thresholds

For example, if an attribution provider credits an install based on a last-click attribution logic inside of a 7-day window, the fraudster will design their activity around that exact window.

If you structured your optimisations on specific In-App Events, they will create scripts to trigger those events.

This isn’t just random automation; this is engineered mimicry.

How Device Farm Activity Impacts Your Growth Metrics

When you look at performance campaigns, you use metrics to help you optimise.

If those metrics are affected, your strategic decisions will also be impacted.

Here are some ways this happens.

Exaggerated Install Count

– Device farm activity generates an artificial increase in install count. You may mistakenly think that a channel is scaling effectively.

Artificial Retention Signals

– If scripted sessions show day-one and/or day-two retention, you will see a stable retention profile.

Artificial CPI (cost-per-install) and ROAS (return on ad spend)

– Because the installs are not real, your CPI metric will not accurately reflect what you will eventually generate in revenue. Because of this, your expectations on ROAS will decrease over time as well.

Machine Learning Contamination

– Many platforms use algorithms to optimise their performance. If fake installs are involved in their machine learning process, then those fraudulent installs will affect their ability to optimise based on real-world performance.

This creates a self-perpetuating cycle.

You scale what appears to work, but what “works” is based on deception.

Emulator Farms vs Physical Device Farms: Why Physical Device Farms are More Difficult to Identify

It is critical that emulator farms be clearly distinguished from physical device farms.

Emulator farms use software simulation running on computers and commonly produce various identifiable data signatures, like:

– Identical device IDs

– Repeated system setup configurations

– Lack of sensor data

Physical device farms, on the other hand, use physical smartphone devices.

Each of these devices will: 

– Have a legitimate device identification 

– Send out realistic signals at the systems level 

– Connect through the telephony network dynamically 

Therefore, the operations of physical device farms will easily blend into the operations of real device traffic. 

The result is that physical device farm detection relies less on hardware identification and more on behavioural anomaly detection.

Signs of Device Farm Behaviour

Waiting until you have enough evidence before making any decision is important to avoid jumping to conclusions, but it still helps to look for patterns in your event-level data for device farm type behaviours.

Patterns you may see include things such as:

• Time to event intervals all hit around the same amount of time.
• Disproportionate representation of the same model of devices.
• Sessions of all users are about the same length of time.
• High engagement but no monetisation.
• Inconsistent geography between clicks and installs.

The main pattern when looking at uniformity.

Normal users will act differently from normal users, whereas fraud scripts, especially when created to look random, will act the same way. 

Device Farm & Mobile Attribution Connection

Mobile attribution identifies what marketing channel(s) get credit for an install or event.

Attribution can be exploited based on these elements:

• Last-click models
• Short conversion windows
• Very limited behavioural validation

Attribution models that have these elements provide an easier way to manipulate the attribution from a device farm setup.

Due to the privacy focus of frameworks such as SKAdNetwork and the increased usage of statistical modelling due to the decreased level of granularity at the user-level, anomaly detection becomes more important.

Protect your Campaign against Device Farm Fraud

Coping with device farm fraud cannot simply be done by relying on one way of stopping it. Instead, it is going to take having many different layers of Fraud Prevention coming together across the various stages of their workflow (i.e., attribution, analytics, optimisation).

Improve your Event-Level Validation Process

Using install-only metrics will no longer suffice. To fraudulently prevent fraud from occurring, you will need to have improved post-install validation connected to actual user behaviour and not just on the surface level or with surface-level type events. You should be focusing on high intent events, engagement/depth and a realistic user journey that are near impossible to simulate with scripted automation.

Monitor your Users’ Behaviour for Anomalies

As an overall Fraud Prevention Framework, you want to continuously monitor user behaviours instead of straight metrics. Some of the behaviours you are looking for include;

– Abnormal clustering of installs/events

– Unrealistically consistent time for engagement.

– Sudden increase in traffic with no organic uplift correlation.

These behaviours, when consistently occurring at scale, can often point towards the fact that you are leveraging automation rather than having an authentic, diverse user base.

Emphasis on Revenue Quality Signals

Revenue-linked activities are much harder to manufacture in an equitable and unlimited way. Comparing revenue outcomes with the activity for fraud prevention is important. When there are many installs, but the revenue generated is significantly less than expected based on the number of installs and in-app activity, additional investigation should be conducted.

Audit Source Transparency

Fraud prevention is also dependent upon visibility. If it isn’t clear where traffic is coming from, how placement logic works or have transparent access to inventory, your exposure to fraud increases. Having strong accountability and reporting will help to reduce the areas in which device farms may conceal activity.

Defending Against Device Farm Activity in Your Campaigns

To protect your campaigns against device farm activity means preserving the integrity of your data and not just reacting to one-time spikes.

Your benchmark cannot be installed alone. Only by looking at your post-install user behaviour, engagement flow and monetisation patterns can you start to assess whether your growth is due to legitimate users or engineered activity. Stable, meaningful signals help create a stable experience and thus create additional vulnerability.

Patterns in behaviour tell us a story as well. Uniform time frames, mechanical sequences of engagement and unusual traffic surges lend themselves to revealing more than just the volume alone. All real users display a degree of unpredictability, while scripted systems are uniform.

Revenue generated from the activity and long-term engagement also provides additional clarity; intent is very much more difficult to replicate with consistency. When your performance metrics, as well as your monetisation signals, are naturally aligned, there is a higher level of confidence than when they are not, therefore requiring investigation of the discrepancy.

Transparency has a positive effect on everything. Clear attribution paths, visible traffic sources and measurable logic behind events help eliminate blind spots, therefore enhancing your trust in the decisions you make to optimise your marketing activities.

To ultimately protect your campaigns really means protecting the quality of the signals you receive. In mobile growth, your strategy will have its strength based on the quality of the data accepted into your strategy, and clarity will keep your growth progressing.

FAQs