AppsFlyer's State of Fraud for Marketers 2026, published today, documents a significant shift in how mobile ad fraud operates: the channel most advertisers treat as a clean performance baseline has become the single largest vehicle for fraudulent installs.

The report draws on 106.4 billion total installs across 246,000 apps, covering Q1 2025 to Q1 2026. Its central finding is that organic traffic now accounts for 52 per cent of all fraudulent mobile installs. That figure matters not because organic fraud is a new phenomenon, but because of what it means for how advertisers measure everything else.

Why organic fraud distorts the entire measurement stack

Every mobile marketing team uses organic install rates as an internal benchmark. When a paid campaign performs, the comparison point is what organic delivers on its own. Inflate that organic number - whether through deliberate fake installs designed to look like self-discovered traffic, or through paid campaigns where attribution fails and the install defaults to organic - and every paid campaign suddenly looks better by comparison.

The report illustrates the mechanism in concrete terms. As Finance advertisers tightened affiliate measurement controls during the period examined, the affiliate share of Finance fraud fell from 58 per cent to 49 per cent. That looks like progress. But organic's share of Finance fraud rose from 35 per cent to 46 per cent over the same period. The total fraud volume barely changed. It migrated.

According to Adam Smart, Global Director of Product, Gaming at AppsFlyer: "There's a question worth asking: why would a fraudster attack organic traffic, when there's no direct payout for doing so? The answer is that organic is the benchmark. It's the number every marketer uses to judge whether a paid campaign is performing. If you can inflate that number, you shift what 'normal' looks like, and suddenly, fraudulent paid installs don't look fraudulent anymore. They look like they're just keeping pace. Whether that's intentional or not, it's the effect. And right now, a lot of marketers are optimising against a benchmark that's been moved."

Affiliates account for nearly 40 per cent of fraudulent installs. Together, organic and affiliate channels account for approximately nine in ten fraudulent installs across both iOS and Android. Self-reporting networks, by contrast, account for just 1.5 per cent of all fraud. The gap between affiliate fraud rates and SRN fraud rates reached 36x by Q1 2026, holding above 30x in every quarter of the year.

Platform divergence: iOS improves while Android fragments

One of the more meaningful shifts in the dataset is the reversal in platform-level fraud quality. Overall iOS fraud dropped 33 per cent year over year, falling from 17.5 per cent in Q1 2025 to 11.7 per cent in Q1 2026. By Q4 2025, iOS had crossed below Android's 14 to 15 per cent range. Android held largely flat across the full year. For the first time in the period covered by the report, buying on iOS delivers proportionally more real users than buying on Android.

The platform-level figure conceals sharp vertical-level divergence on Android. Gaming runs at 7 per cent, Shopping at 10 per cent, Finance at 31 per cent. Those are persistent but relatively contained fraud environments. The outlier is Gambling. Android fraud in that vertical rose 20 per cent year over year, from 49 per cent in Q1 2025 to 59 per cent in Q1 2026, peaking at 64 per cent in Q4. It is the only vertical where fraud is still accelerating. Every other category either held flat or improved.

The report introduces Real Users Lift as the most operationally direct way to express what those rates cost. The metric measures the ratio of fake installs to real ones. A 175 per cent Real Users Lift in Gambling on Android in Q4 2025 means that for every real user acquired, advertisers paid for nearly two fake ones. The stakes in that vertical - high payouts, rapid market expansion, concentrated Q4 spend - create precisely the conditions that make fraud economically attractive.

Finance on Android presents a different problem: not acceleration, but stagnation. Real Users Lift in that vertical has remained locked between 50 per cent and 53 per cent for five consecutive quarters with no improvement. Approximately half of what Finance advertisers think they are acquiring on Android does not exist, and that figure has not shifted in either direction since Q1 2025. The entire Finance Android measurement baseline is, according to AppsFlyer, overstated by roughly half.

Social Media on iOS: a full quarter of near-total distortion

The most extreme data point in the report involves Social Media on iOS. Real Users Lift in that category hit 275 per cent in Q2 2025. For one complete quarter, three in four installs were fake. Every growth metric, every cohort, every ROAS figure built on Social Media iOS data during that period was measuring an audience that largely did not exist. The installs appeared in the dashboards. The users did not.

The recovery was dramatic. Real Users Lift improved 38 per cent year over year and fell to 15.6 per cent by Q1 2026. But the episode illustrates how completely a category's measurement can be compromised in a short window. At the platform level, iOS lift improved 38 per cent year over year from 21 per cent to 13 per cent while Android held flat at around 17 per cent.

Store validation fraud and the rise of spoofing

On iOS specifically, store validation fraud dominated the fraud mix throughout 2025. The technique works by fabricating app store receipts and submitting them to ad measurement systems to claim credit for fake installs - no real device, no real user required, at near-zero cost per attempt. Store validation accounted for between 67 per cent and 73 per cent of detected iOS fraud throughout 2025, peaking at 73.1 per cent in Q2 2025 before falling to 50.8 per cent by Q1 2026.

That decline does not reflect a drop in absolute volume. It reflects the rise of behavioral anomalies as a secondary technique. According to the report, fraudsters are increasingly combining fabricated receipts with fake in-app behavior, which registers as a distinct fraud signal. The two methods are being used together with growing frequency.

What determines whether store validation fraud is viable is the type of app, not the location. In categories where the post-install action is simple - a free download, a basic account signup - fabricating a convincing receipt requires minimal sophistication. Graphic and Design apps show a 99.8 per cent store validation rate; News and Magazines 99.0 per cent; Social Media 98.2 per cent. In categories where the advertiser pays only when a user completes a high-value action, the rate drops: Gambling at 39.3 per cent, Finance at 54.3 per cent, Transportation at 43.3 per cent.

Spoofing represents a structurally different threat. Unlike install hijacking - which steals credit for real installs that were already happening - spoofing fabricates everything from scratch: devices, users, and in-app events. Spoofed installs grew at multiples of overall install growth quarter after quarter across 2025. Spoofing was the fastest-rising fraud technique of the year, outpacing overall install growth every quarter between Q3 2025 and Q1 2026.

The technique's specific danger is detection resistance. Spoofing generates clean-looking signals rather than anomalies. It mimics device fingerprints, behavioral patterns, and event sequences designed to pass standard verification. According to AppsFlyer, this makes it the most likely type of fraud to be undercounted in any dataset, including the one underpinning the report itself.

On Android, 87 per cent of detected fraud falls under the fake installs category; on iOS, 92 per cent. Gaming fraud shifted during the period from device emulators - down 32 per cent year over year - to physical device farms, up 72 per cent year over year. The reason is detection: Gaming's rich post-install data, including session depth, retention, and level completions, made emulators easier to catch than in almost any other vertical, so operators moved to the harder-to-detect alternative.

Owned media and DSP fraud: the next overflow channels

The pattern running through every block of analysis in the report is that fraud does not disappear when a channel is cleaned up - it relocates. Two channels reflect this dynamic most clearly in 2025.

Owned media fraud rose 221 per cent year over year, from 3.4 per cent to 11 per cent. DSP fraud rose 59 per cent year over year, from 5.6 per cent to 8.9 per cent. Both increases follow from the same mechanism: as scrutiny increased in higher-visibility channels, fraud moved toward wherever detection was weakest. Owned media had lower scrutiny. DSP inventory, outside the SRN ecosystem, carries far more room for manipulation than closed-loop platforms.

For performance teams managing programmatic campaigns through DSPs, the 59 per cent year-over-year increase in DSP fraud rate is operationally significant. IAS received MRC accreditation for Amazon DSP invalid traffic measurement in November 2025, reflecting growing demand for independent verification within programmatic channels. Independent verification addresses part of the problem, but the channel-migration pattern suggests fraud adapts faster than measurement coverage expands.

Regional patterns: UK, US, and high-growth markets

At the country level, the report breaks markets into three groups. The first - Indonesia, India, Brazil, Nigeria - saw fraud fall across both channels. India is the most consequential improver in absolute terms, because it accounts for nearly 28 per cent of all global Android fraud. Even modest declines there move the global needle more than eliminating affiliate fraud entirely in most other markets.

The second group - the US, UK, France, Spain, and Germany - shows organic improving while affiliate fraud worsened. UK organic ended the period at 9.2 per cent. US organic at 12 per cent. Both are well below the global average. But affiliate rates in those same markets rose steadily through 2025. The markets best at fixing organic left their affiliate channels under-defended.

In the UK specifically, affiliate share of fraud rose 35 per cent year over year, from 42 per cent to 57 per cent. iOS store validation fraud in the UK ranged from 46 per cent to 69 per cent across the period. Spain sustained the highest store validation rate of any major market throughout the period, ranging from 55 per cent to 82 per cent, peaking at 81.7 per cent in Q4 2025. High ad spend on Finance and Shopping apps, combined with a relatively small market, makes it a high-return, lower-scrutiny target.

The third group - Vietnam, Singapore, China - shows the signature of deliberate fraud operations. Vietnam ran 33 to 34 per cent organic fraud for three consecutive quarters, then collapsed in Q4 - a spike-and-drop pattern consistent with an operation that was eventually blocked. Singapore showed the same spike-and-drop pattern. China is structurally different: 97 per cent of traffic routes through organic, all fraud is device-based, and there is no seasonal component.

Pakistan surged 74 per cent year over year in affiliate share of fraud, from 32 per cent to 55 per cent. India's affiliate share grew from 57 per cent to 65 per cent - the highest concentration of any major market.

What the data means for measurement infrastructure

The report's significance for the marketing community lies not in any single vertical or channel figure, but in the distribution pattern underneath the aggregate. A flat or declining overall fraud rate, which iOS achieved in 2025, can coexist with accelerating fraud in specific verticals and in channels that receive less scrutiny. The 2026 data shows that is exactly what happened.

PPC Land has covered the growing entanglement of attribution and fraud detection infrastructure as mobile measurement has grown more complex. AppsFlyer launched eight new products in November 2025, including an Enhanced Attribution Model with real-time AI behavioral analysis to detect click flooding. The fraud report provides the empirical context for why that investment matters: detection improvements in one channel consistently push fraudulent traffic toward the next weakest point.

DoubleVerify's September 2025 findings on AI-powered fraudulent mobile applications established the escalating sophistication of the threat. Its ShadowBot investigation found devices appearing to open 10 different spoofed applications within 9 minutes - behavior impossible for actual users. The AppsFlyer report adds the scale dimension: those techniques are operating across billions of installs, and the channels absorbing the most fraud pressure are frequently the ones with the least verification infrastructure.

Igor Myrgorodskyi, VP Business Operations at adjoe, addressed the broader detection challenge in the report's expert commentary: "Fraudsters are agile. To stay ahead, defenses must be proactive and dynamic, adapting to new behavioral patterns faster than they can be exploited. If a network lacks this dedicated focus, it is only a matter of time before the next major fraud scheme emerges."

The Konfety mobile ad fraud operation uncovered by HUMAN's Satori team in mid-2024 generated 10 billion fraudulent ad requests per day using evil twin apps built on the CaramelAds SDK. That case illustrated how industrialized fake install infrastructure has become. The 2026 AppsFlyer report suggests the infrastructure continues to scale. Across 106.4 billion installs analyzed, fraud is not concentrated in a small number of unusual events - it is distributed systematically through the channels and verticals where marketing investment is highest.

Timeline

  • Q1 2025: Data collection period begins. Android Gambling fraud rate at 49%. Overall iOS fraud rate at 17.5%. Finance affiliate share of fraud at 58%. UK affiliate fraud share at 42%.
  • Q2 2025: Social Media on iOS reaches 275% Real Users Lift - three in four installs fake for a full quarter. Store validation fraud peaks at 73.1% of all detected iOS fraud.
  • July 2025: AppsFlyer launches AI-powered MCP connecting attribution data to large language models.
  • August 2025Federal prosecutors charge three mobile advertising executives in a $25 million round-tripping fraud scheme involving Near Intelligence and MobileFuse.
  • September 2025DoubleVerify discloses escalation in AI-powered fraudulent mobile applications.
  • Q4 2025: Android Gambling fraud peaks at 64%. Real Users Lift in Gambling Android hits 175%. Spain store validation peaks at 81.7%. Finance Android Real Users Lift locked at 50-53% for fourth consecutive quarter.
  • November 2025AppsFlyer releases eight products including Enhanced Attribution Model with AI fraud detection. IAS receives MRC accreditation for Amazon DSP invalid traffic measurement.
  • Q1 2026: Affiliate-to-SRN fraud gap widens to 36x. Android Gambling fraud rate at 59%. iOS overall fraud falls to 11.7%, crossing below Android for the first time. Store validation share falls to 50.8% as behavioral anomaly fraud rises.
  • June 10, 2026: AppsFlyer publishes State of Fraud for Marketers 2026 covering Q1 2025 to Q1 2026 across 246,000 apps and 106.4 billion total installs.

Summary

Who: AppsFlyer, a marketing measurement and attribution platform, with expert commentary from adjoe VP Business Operations Igor Myrgorodskyi, Exness Head of Partnership Anti-Fraud Mark Moiseev, and InMobi VP Product Management Puneet Agarwal.

What: The State of Fraud for Marketers 2026 is a quantitative analysis of mobile ad fraud patterns across platforms, verticals, channels, and techniques. Its central finding is that organic traffic - at 52 per cent of all fraudulent installs - is now the single largest fraud channel. DSP fraud grew 59 per cent year over year. Owned media fraud grew 221 per cent. Spoofing was the fastest-rising fraud technique of 2025. The affiliate-to-SRN fraud gap reached 36x.

When: The report covers Q1 2025 through Q1 2026, published June 10, 2026.

Where: Global analysis across 246,000 apps and 106.4 billion total installs, with regional breakdowns for the US, UK, India, Brazil, Pakistan, Vietnam, Singapore, Spain, and other major markets across iOS and Android.

Why: Detection improvements in high-visibility channels are consistently pushing fraudulent traffic toward channels with less scrutiny - organic, owned media, DSP inventory. The organic fraud problem matters specifically because organic is the benchmark against which paid campaign performance is measured. When that benchmark is inflated, every downstream measurement depending on it is distorted.