Device farms are a form of mobile ad fraud in which fraudsters manually simulate user interactions, such as clicks, app installs, and other engagement activities, to fabricate the appearance of genuine user behavior. This deceptive practice siphons advertising budgets by creating false activity.

What is a device farm?

A device farm is an illicit operation used in mobile ad fraud, where numerous devices are manually manipulated to simulate legitimate user activity, such as ad clicks, app installs, and other forms of mobile engagement. This type of fraud is illegal in most parts of the world, yet remains prevalent as mobile advertising budgets continue to rise. Device farms have become more sophisticated and widespread, posing a significant threat to digital marketers and app developers.

Also referred to as phone farms or click farms, these operations go beyond mobile ad fraud. They are also used to inflate social media followings, generate fake engagement on platforms, and artificially boost app store download counts, ratings, and reviews. By creating the illusion of popularity or activity, these farms deceive not only advertisers but also users who rely on ratings and engagement metrics to make decisions.

How device farms work

Device farms employ sophisticated techniques to evade detection and make their fraudulent activity appear legitimate. Fraudsters operating these farms use a variety of strategies, including:

• Rotating IP addresses – constantly using fresh or proxy IP addresses to avoid triggering red flags associated with repeated activity from a single source.
• Diverse device usage – operating with a wide range of devices to mimic the variability of real users across different models, operating systems, and screen sizes.
• Limit Ad Tracking (LAT) – enabling LAT on devices to prevent ad platforms from tracking true engagement, making detection more difficult.
• DeviceID reset fraud – resetting the DeviceID with each install to create the illusion of unique users. On a large scale, this is known as DeviceID Reset Marathon, where a single device generates multiple fraudulent installs or engagements by repeatedly resetting its ID.

Global presence of device farms

Although device farms are often associated with regions in Asia, this form of ad fraud is a global issue. Device farms exist in nearly every region, draining marketing budgets from businesses worldwide. The misconception that this is a region-specific problem may lead advertisers to underestimate the threat, while device farms continue to impact digital campaigns across the globe.

Why this matters

Device farms represent a serious threat to the mobile advertising ecosystem. The fraudulent activities they generate not only deplete advertising budgets but also distort key performance indicators (KPIs), making it challenging for marketers to accurately assess campaign success. This can lead to businesses investing in channels that appear to perform well, but are actually filled with fake traffic and interactions.

Additional tactics used by device farms

• Click injection and click spamming – manipulating attribution models by generating false clicks before or after legitimate user actions, stealing credit for app installs or purchases.
• Simulating real user behavior – using scripts or manual intervention to mimic user actions such as time spent on an app, ad interactions, or even in-app purchases, making the fraud harder to detect.

Combatting device farms

To fight against device farms, advertisers should implement advanced fraud detection measures such as:

• Behavioral analysis – spotting anomalies in engagement patterns that suggest fraudulent activity.
• Device fingerprinting – identifying and blocking known fraudulent devices based on unique identifiers.
• IP tracking – detecting suspicious traffic patterns by monitoring IP addresses and traffic sources.

Additionally, collaboration between advertisers, app developers, and ad platforms is crucial to sharing information on emerging threats and improving overall fraud prevention strategies.