Ad mediation

What is Ad mediation?

Ad mediation is a technology layer that allows mobile app publishers to manage multiple ad networks through a single platform. Instead of integrating various network SDKs individually, publishers use one mediation SDK. This system sends ad requests to multiple networks, which then compete, ensuring the highest-paying ad gets served.

How Ad mediation Works

USER SESSION
      β”‚
      β–Ό
+---------------------+
β”‚ App Requests Ad     β”‚
β”‚ (via Mediation SDK) β”‚
+---------------------+
      β”‚
      β–Ό
+-------------------------+      +------------------+
β”‚   Mediation Platform    β”‚β—„-─-── Fraud Detection  β”‚
β”‚  analisa & optimises   β”‚      β”‚ (Pre-Bid Analysis) β”‚
+-------------------------+      +------------------+
      β”‚                                β–²
      β”œβ”€[WATERFALL]--------------------β”‚
      β”‚ 1. Network A (Highest eCPM)    β”‚
      β”‚ 2. Network B                   β”‚
      β”‚ 3. Network C                   β”‚
      β”‚                                β”‚
      └─[IN-APP BIDDING]---------------β”˜
        (Simultaneous Auction)

      β”‚
      β–Ό
+---------------------+
β”‚ Winning Ad Network  β”‚
+---------------------+
      β”‚
      β–Ό
+---------------------+
β”‚ Ad Displayed in App β”‚
+---------------------+
Ad mediation streamlines the process of filling ad inventory by creating a competitive environment among multiple ad networks. At its core, it acts as an intelligent switchboard, routing ad requests to the network most likely to provide the highest revenue for a given impression while filtering out invalid or fraudulent traffic. This process is managed through a single SDK (Software Development Kit) integrated into the publisher’s application.

Initial Ad Request and Pre-Bid Analysis

When a user opens an app and reaches a point where an ad can be shown, the app’s integrated mediation SDK sends an ad request to the mediation platform. Before this request is sent out to the ad networks, it often passes through a preliminary fraud detection layer. This pre-bid analysis inspects the request for signs of invalid traffic (IVT), such as requests from known bot-infested IP addresses, suspicious device IDs, or outdated app versions commonly used in fraud schemes. This initial check is crucial for preventing fraudulent requests from ever reaching the ad networks, saving resources and protecting the integrity of the auction.

Auction and Network Selection

Once a request is deemed legitimate, the mediation platform initiates an auction. There are two primary models for this: the traditional “waterfall” and the more modern “in-app bidding.” In a waterfall model, networks are called sequentially based on their historical eCPM (effective Cost Per Mille). If the top network can’t fill the ad, the request “falls” to the next one in line. In-app bidding, conversely, holds a simultaneous auction where all participating networks bid in real-time. This unified auction model is generally more effective at maximizing revenue as it ensures the highest bidder always wins. Throughout this process, fraud detection systems continue to monitor for anomalies.

Serving the Ad and Post-Bid Analysis

The ad from the winning network is delivered back through the SDK and displayed to the user. But the security process doesn’t end there. Post-bid analysis and continuous monitoring are vital. After an ad is served, the system tracks engagement metrics like clicks and conversions. Any unusual patterns, such as an abnormally high click-through rate from a specific device or an instant conversion after a click, are flagged. This data helps refine the fraud detection algorithms, block malicious actors in future auctions, and ensure advertisers are only paying for genuine user interactions.

Breakdown of the ASCII Diagram

USER SESSION to App Requests Ad

This represents the start of the process, where a user’s activity within the app triggers an opportunity for an ad to be displayed. The request is packaged and sent via the mediation SDK.

Mediation Platform & Fraud Detection (Pre-Bid)

This is the central hub. The mediation platform receives the request and, critically, cross-references it with its fraud detection module. This pre-bid check is a first line of defense, filtering out obviously invalid requests before they enter the auction, preserving the quality of the inventory.

[WATERFALL] vs. [IN-APP BIDDING]

This shows the two main methods of auctioning the ad space. The waterfall is a sequential, priority-based system, while in-app bidding is a parallel, real-time auction. Fraud detection logic is applied in both models to ensure the networks participating are legitimate and the bids are not from fraudulent sources.

Winning Ad Network to Ad Displayed

This final stage represents the successful delivery of an ad from the highest legitimate bidder back to the user’s device. The entire flow is designed to be fast and seamless from the user’s perspective, while incorporating multiple security checks behind the scenes to protect the publisher and advertiser.

🧠 Core Detection Logic

Example 1: IP Reputation and Blacklisting

This logic prevents participation from IP addresses known for fraudulent activity. It operates at the earliest stage of the ad request, acting as a gatekeeper. By checking against a dynamic blacklist of data center IPs, known proxies, and addresses with a history of bot traffic, it filters out a significant portion of non-human traffic before it can consume resources.

FUNCTION handle_ad_request(request):
  ip_address = request.get_ip()
  
  // Check against known bad IP lists (data centers, proxies, bots)
  IF is_blacklisted(ip_address):
    REJECT request_with_reason("Blocked IP")
    RETURN NULL
  
  // Check for abnormal frequency from the same IP
  click_count = get_clicks_from_ip(ip_address, last_hour)
  IF click_count > 50:
    REJECT request_with_reason("High Frequency IP")
    ADD_to_blacklist(ip_address)
    RETURN NULL
    
  // If clean, proceed to mediation auction
  PROCEED_to_mediation(request)

Example 2: Session Heuristics and Behavioral Analysis

This logic analyzes user behavior within a single session to determine legitimacy. It looks for patterns that are uncharacteristic of genuine human interaction. For example, a click that happens fractions of a second after an ad loads is likely automated. This check happens post-impression, helping to invalidate fraudulent clicks and refine future filtering rules.

FUNCTION analyze_ad_click(click_event):
  session_data = get_session_info(click_event.session_id)
  
  // Time between ad load and click
  time_to_click = click_event.timestamp - session_data.ad_load_time
  IF time_to_click < 1.0: // Less than 1 second
    FLAG_AS_FRAUD(click_event, "Click Too Fast")
    RETURN
    
  // Check for missing or minimal user interactions
  IF session_data.mouse_movements < 5 AND session_data.scroll_events == 0:
    FLAG_AS_FRAUD(click_event, "No Human-like Interaction")
    RETURN
    
  // All checks passed
  VALIDATE_CLICK(click_event)

Example 3: Geo Mismatch Detection

This logic validates that the geographical data associated with a request is consistent. Fraudsters often use proxies or VPNs to mask their true location, leading to discrepancies between the IP address's location and the device's stated language or timezone. This check is crucial for identifying sophisticated attempts to bypass simpler IP-based blocking.

FUNCTION validate_geo_data(request):
  ip_geo = get_geo_from_ip(request.ip) // e.g., "Germany"
  device_lang = request.device.language // e.g., "en-US"
  device_tz = request.device.timezone // e.g., "America/New_York"

  // Simple mismatch check
  IF ip_geo == "Vietnam" AND device_lang == "en-US":
    FLAG_AS_SUSPICIOUS(request, "Geo Mismatch: IP vs Language")
    
  // Timezone vs IP country check
  tz_country = get_country_from_tz(device_tz) // e.g., "USA"
  IF ip_geo != tz_country:
    FLAG_AS_SUSPICIOUS(request, "Geo Mismatch: IP vs Timezone")
    
  // If suspicious, may require further checks or be blocked
  IF is_suspicious(request):
     INCREASE_FRAUD_SCORE(request)

πŸ“ˆ Practical Use Cases for Businesses

  • Campaign Budget Protection – By filtering out bot clicks and other forms of invalid traffic, ad mediation ensures that advertising budgets are spent on reaching real, potential customers, directly improving return on ad spend (ROAS).
  • Data Integrity for Analytics – It cleans the traffic data that feeds into analytics platforms. This provides businesses with accurate metrics on user engagement and campaign performance, leading to better strategic decisions.
  • Enhanced User Acquisition Quality – By weeding out fraudulent installs and fake user events, mediation helps businesses acquire genuine users, leading to higher lifetime value (LTV) and more accurate performance marketing analysis.
  • Reduced Ad Spend Waste – It prevents advertisers from paying for clicks and impressions that have no chance of converting, such as those from data centers or automated scripts, directly preserving marketing funds for legitimate opportunities.
  • Improved Publisher Reputation – For publishers, serving clean, fraud-free traffic to advertisers builds trust and encourages more ad networks to bid on their inventory, leading to higher and more stable ad revenue over time.

Example 1: Geofencing Rule for a Local Business

A local retail business wants to ensure its ads are only shown to users within a 50-mile radius of its stores. This logic uses the device's GPS data (if available) or IP-based geolocation to filter out traffic from outside the target area, preventing budget waste on irrelevant impressions.

FUNCTION handle_ad_request(request):
  user_location = get_location(request.device_id, request.ip)
  business_locations = ["lat/long_1", "lat/long_2"]
  
  is_within_radius = FALSE
  FOR store_loc in business_locations:
    IF calculate_distance(user_location, store_loc) <= 50:
      is_within_radius = TRUE
      BREAK

  IF is_within_radius == FALSE:
    REJECT request_with_reason("Outside Geofence")
  ELSE:
    PROCEED_to_mediation(request)

Example 2: Session Scoring for Conversion Fraud

An e-commerce app notices a pattern of fraudulent conversions. This logic scores each user session based on a series of actions. A session with a high score is deemed legitimate, while a low score (e.g., install-to-purchase time of 2 seconds) indicates fraud and the conversion is flagged for investigation.

FUNCTION score_session_authenticity(session):
  score = 100
  
  // Penalty for impossibly fast conversion
  IF (session.purchase_time - session.install_time) < 10: // 10 seconds
    score = score - 80
    
  // Penalty for no pre-conversion activity
  IF session.product_views < 1 AND session.add_to_cart_events == 0:
    score = score - 50
    
  // Bonus for human-like behavior
  IF session.scroll_depth > 75:
    score = score + 10
    
  IF score < 50:
    FLAG_AS_FRAUDULENT(session)
  
  RETURN score

🐍 Python Code Examples

This Python function simulates checking an incoming ad click against a known list of fraudulent IP addresses. It's a fundamental step in pre-bid fraud filtering to immediately reject traffic from sources that have already been identified as malicious or non-human.

# A simple set of blacklisted IP addresses (e.g., known data centers, proxies)
FRAUDULENT_IPS = {"198.51.100.1", "203.0.113.25", "192.0.2.14"}

def block_known_fraudulent_ips(click_request):
    """
    Checks if the click's IP address is in a blacklist.
    Returns True if the click should be blocked, False otherwise.
    """
    ip_address = click_request.get("ip")
    if ip_address in FRAUDULENT_IPS:
        print(f"Blocking fraudulent click from IP: {ip_address}")
        return True
    print(f"Allowing legitimate click from IP: {ip_address}")
    return False

# Example usage:
click_1 = {"click_id": "abc-123", "ip": "8.8.8.8"}
click_2 = {"click_id": "def-456", "ip": "198.51.100.1"}

block_known_fraudulent_ips(click_1) # Returns False
block_known_fraudulent_ips(click_2) # Returns True

This code analyzes the time difference between an ad impression and a click (Click-to-Time, CTT). An impossibly short duration is a strong indicator of an automated bot, as a real human requires time to process information and react.

import datetime

def detect_abnormal_click_timing(impression_time, click_time):
    """
    Analyzes the time between an impression and a click.
    Flags clicks that happen too quickly as suspicious.
    """
    time_delta = click_time - impression_time
    # A real user is unlikely to click in under 0.5 seconds
    if time_delta.total_seconds() < 0.5:
        print(f"Suspiciously fast click detected: {time_delta.total_seconds()}s")
        return "SUSPICIOUS"
    return "VALID"

# Example usage:
impression_event_time = datetime.datetime.now()
# Simulate a bot click 100ms later
bot_click_time = impression_event_time + datetime.timedelta(milliseconds=100)
# Simulate a human click 2 seconds later
human_click_time = impression_event_time + datetime.timedelta(seconds=2)

detect_abnormal_click_timing(impression_event_time, bot_click_time) # Returns "SUSPICIOUS"
detect_abnormal_click_timing(impression_event_time, human_click_time) # Returns "VALID"

Types of Ad mediation

  • Waterfall Mediation - The traditional method where ad networks are arranged in a sequence and called one by one based on historical eCPM. If the first network cannot fill the ad request, it passes to the second, and so on. This method risks lower revenue if a lower-ranked network would have paid more.
  • In-App Bidding - Often called header bidding, this modern approach allows all ad networks to bid on an impression simultaneously in a real-time auction. This ensures the publisher receives the highest possible price for each ad spot and is more efficient at preventing revenue loss compared to the waterfall method.
  • Hybrid Mediation - This model combines waterfall and in-app bidding. An auction is run first with bidding-enabled networks. The winning bid then competes against the sequentially called networks in the waterfall. This approach leverages the benefits of both systems to maximize fill rates and revenue.
  • Custom Mediation - A publisher-controlled system where specific rules and priorities are manually configured. This might involve creating custom events to call ad networks not officially supported by the mediation platform or setting up complex waterfall arrangements based on proprietary business logic and fraud analysis.

πŸ›‘οΈ Common Detection Techniques

  • IP Blacklisting – This technique involves maintaining and checking against a list of IP addresses known to be sources of invalid traffic, such as data centers, VPNs, and known bot networks. It serves as a first line of defense to block non-human traffic before an ad is even served.
  • Click Timestamp Analysis – This method analyzes the time between an ad impression and the subsequent click. Clicks that occur too quickly (e.g., within milliseconds) are flagged as fraudulent because they indicate automated behavior rather than genuine human interaction.
  • Behavioral Heuristics – This involves analyzing in-app user actions to distinguish bots from humans. It looks for patterns like the absence of screen scrolling, lack of mouse movement, or impossibly linear navigation paths, which are all strong indicators of non-human activity.
  • Geographic Mismatch – This technique cross-references the location of a user's IP address with other device-specific data, such as their language settings or timezone. A significant mismatch, like a Russian IP with a US English language setting, is a red flag for proxy usage or location spoofing.
  • Device and SDK Signature Analysis – Fraudsters often use outdated or modified app SDKs and emulated devices. This technique inspects the digital signature of the device and the SDK version making the ad request to identify and block known fraudulent configurations or emulators.

🧰 Popular Tools & Services

Tool Description Pros Cons
Google AdMob A widely used platform that offers robust ad mediation, allowing publishers to manage multiple ad networks. It includes features for both waterfall and bidding models, with automated optimization to maximize revenue. Strong integration with Google's ad ecosystem, powerful reporting, supports over 30 major networks, and offers real-time eCPM features. Can have a complex setup process for beginners, and full data transparency is not always available for non-Google networks.
ironSource A leading mediation platform popular among mobile game developers. It provides a hybrid solution combining in-app bidding with a traditional waterfall to maximize eCPMs and fill rates across numerous ad networks. Excellent for monetizing mobile games, supports various ad formats including rewarded video and offerwalls, and offers customizable monetization strategies. Primarily focused on the gaming vertical, which may be less optimal for non-gaming apps. Some advanced features may require a learning curve.
AppLovin MAX A comprehensive in-app bidding solution designed to increase competition and drive higher ad revenue. It acts as an unbiased auction, allowing various demand sources to compete for every impression in real-time. Promotes a fair, unified auction model; robust A/B testing capabilities to optimize performance; strong analytics and reporting tools. As a primarily bidding-focused solution, it may require a different strategic approach than traditional waterfall management.
ClickCease A specialized click fraud detection and prevention service that integrates with advertising platforms. It automatically blocks invalid traffic from bots and competitors in real-time to protect ad budgets. Focuses specifically on fraud detection, provides detailed reporting on blocked sources, and supports major platforms like Google and Facebook Ads. It's a dedicated fraud protection tool, not an ad mediation platform itself, and thus must be used in conjunction with one. It adds an extra cost to the ad tech stack.

πŸ“Š KPI & Metrics

Tracking the right KPIs is crucial for evaluating the effectiveness of ad mediation in fraud prevention. Success requires measuring not only the accuracy of fraud detection but also its impact on business outcomes like revenue and user acquisition costs. A balanced view ensures that anti-fraud measures are not incorrectly blocking legitimate traffic.

Metric Name Description Business Relevance
Invalid Traffic (IVT) Rate The percentage of total traffic (impressions or clicks) identified as fraudulent or non-human. A primary indicator of the overall health of ad traffic and the effectiveness of initial filtering.
Fraud Detection Rate The percentage of all fraudulent activity that the system successfully detects and blocks. Measures the accuracy and effectiveness of the fraud prevention tool itself.
False Positive Rate The percentage of legitimate traffic that is incorrectly flagged as fraudulent. A high rate can lead to lost revenue and poor user experience, indicating filters are too aggressive.
Clean eCPM (effective Cost Per Mille) The average revenue generated per 1,000 impressions after invalid traffic has been removed. Reflects the true value of the ad inventory and the profitability of the mediation setup.
Return on Ad Spend (ROAS) Measures the gross revenue generated for every dollar spent on advertising, focusing on clean traffic. Directly shows how fraud prevention impacts the profitability and success of advertising campaigns.

These metrics are typically monitored through real-time dashboards provided by the mediation or fraud detection platform. Alerts can be configured to flag sudden spikes in IVT rates or other anomalies. This continuous feedback loop is essential for optimizing fraud filters, adjusting detection sensitivity, and ensuring that efforts to block bad traffic do not inadvertently harm the ability to monetize legitimate users.

πŸ†š Comparison with Other Detection Methods

Accuracy and Adaptability

Compared to static signature-based filters, which rely on known fraud patterns, ad mediation platforms with integrated machine learning are far more adaptive. Signature-based methods can be effective against known bots but fail against new or sophisticated attacks. Ad mediation systems can analyze traffic in real-time, using behavioral heuristics and anomaly detection to identify and block emerging threats that a static rule-based system would miss.

Real-Time vs. Post-Campaign Analysis

Ad mediation provides pre-bid and real-time detection, which is a significant advantage over methods that rely solely on post-campaign analysis. While post-campaign analysis can identify fraud after the fact and help reclaim ad spend, it doesn't prevent the initial waste or the skewing of in-flight campaign data. Real-time blocking within the mediation layer protects the budget from the start and ensures that campaign optimization is based on cleaner data.

Scalability and Integration

Ad mediation offers superior scalability for publishers. Manually managing multiple ad network SDKs and separate fraud detection tools is inefficient and prone to error. A mediation platform unifies dozens of networks and embeds fraud detection within a single integration. This contrasts with standalone CAPTCHA services or third-party verification tools, which add latency and require separate management, making them less scalable for apps with a complex monetization stack.

⚠️ Limitations & Drawbacks

While ad mediation is a powerful tool for revenue optimization and fraud prevention, it is not without its limitations. Its effectiveness can be constrained by technical complexity, the sophistication of fraud schemes, and potential performance overhead, making it less suitable in certain scenarios.

  • Increased Latency – The process of calling multiple ad networks, even in a parallel auction, adds a slight delay to ad loading times, which can impact user experience.
  • SDK Bloat – Although a single mediation SDK is used, adapters for each ad network are also required, which can increase the overall size of the application.
  • Limited Transparency – Some mediation platforms operate as a "black box," offering limited insight into why certain networks win or why traffic is flagged, making manual optimization difficult.
  • False Positives – Overly aggressive fraud detection rules can incorrectly block legitimate users, leading to lost revenue and potential user frustration.
  • Incomplete Data Sharing – Major ad networks like Google and Facebook do not always share all of their bidding data with third-party mediation platforms, which can limit the platform's ability to fully optimize.
  • Vulnerability to Sophisticated Bots – Advanced bots can mimic human behavior closely enough to bypass standard heuristic and behavioral checks, requiring more advanced and costly detection layers.

In cases where latency is critical or fraud is highly sophisticated, a hybrid approach combining mediation with specialized third-party fraud detection services might be more effective.

❓ Frequently Asked Questions

How does ad mediation differ from using a single ad network?

Using a single ad network limits you to its demand pool and pricing. Ad mediation introduces competition by allowing multiple networks to bid for your ad inventory, which typically increases revenue and fill rates. It also provides a centralized point for managing networks and applying consistent fraud detection rules across all of them.

Can ad mediation block all types of ad fraud?

No system can block all fraud. While ad mediation is effective at stopping common types of invalid traffic like simple bots and data center traffic, highly sophisticated fraud like attribution hijacking or advanced bots may require specialized, dedicated fraud prevention tools. Mediation is a powerful first line of defense, but not an absolute guarantee.

Does using ad mediation hurt app performance?

It can introduce a small amount of latency because the mediation SDK needs to communicate with multiple networks before an ad can be served. However, modern platforms using in-app bidding optimize this process to be highly efficient. The revenue gains from mediation usually far outweigh any minor performance impact.

Is ad mediation the same as header bidding?

Not exactly. Header bidding (or in-app bidding) is a specific method used within modern ad mediation platforms. Traditional mediation used the "waterfall" method. Today, most advanced mediation platforms use in-app bidding as their core technology to run a unified, real-time auction, as it is more efficient and profitable.

How do I choose the right ad networks for my mediation stack?

Start by analyzing your audience geography and the ad formats you use. Some networks perform better in specific regions or with certain ad types (e.g., rewarded video vs. banners). Test a mix of large, global networks and smaller, specialized ones. Monitor performance metrics like eCPM and fill rate to continuously optimize your network selection.

🧾 Summary

Ad mediation is an essential technology for app publishers that optimizes ad revenue by managing multiple ad networks through one central platform. In the context of fraud prevention, it acts as a critical gatekeeper, using techniques like IP blacklisting and behavioral analysis to filter invalid traffic before serving an ad. By fostering competition and cleaning traffic, it protects ad budgets and ensures data accuracy.