SDK Signature

    The SDK Signature is an anti-spoofing feature that allows for suspicious event detection.

    Understanding the SDK Signature

    Attention

    The SDK Signature is supported for event collection via the Airbridge SDK only and is not supported for event collection via server-to-server API. The SDK Signature is supported for the following Airbridge SDK versions.

    SDK spoofing is a type of fraud, creating fake app events with data from real devices. By implementing the SDK Signature, SDK spoofing can be prevented using credentials for enhanced security.

    SDK Signature Credentials

    A set of SDK Signature Credentials consists of a Secret ID and Secret, which is used to validate the events collected by the Airbridge SDK and the Airbridge server. Access to the credentials is limited to authorized users only.

    You can create the SDK Signature Credentials in Airbridge and toggle them to activate or deactivate them. For the SDK Signature feature to work, the Airbridge SDK must be configured using the activated credentials.

    Implementing the SDK Signature

    Navigate to [Management]>[Fraud Validation Rules] in the Airbridge dashboard and select the [SDK Signature] tab.

    Configuring the SDK Signature Credentials

    In the SDK Signature Credentials section, the SDK Signature Credentials can be created and activated or deactivated.

    Create SDK Signature Credentials

    Ask your developer for help

    The Airbridge SDK needs to be configured with the SDK Signature Credentials by a developer.

    Click Create new credentials to create a new set of credentials consisting of a Secret ID and a Secret. By default, the credentials are activated. Multiple sets of credentials can be created and activated. Once created, the credentials cannot be deleted.

    After creating new credentials, the Airbridge SDK must be configured using the Secret ID and Secret to implement the SDK Signature feature. If this process is not completed, the credentials cannot be used to validate events.

    The following articles shall be shared with your developer along with the SDK Signature Credentials. To view the Secret, the Airbridge account password is required for verification.

    Activate SDK Signature Credentials

    Attention

    For the SDK Signature feature to work, the Airbridge SDK must be configured using the activated SDK Signature Credentials.

    You can use the toggle to activate or deactivate credentials. Only activated credentials are used for event validation. If you deactivate a set of credentials that have been used to configure the Airbridge SDK, the deactivated credentials will no longer be used to validate events collected by the SDK.

    Selecting the Prevention Level

    Attention

    It is advised to start from "Prevention Level 1" and switch to higher levels after consulting with your media partner, as the prevention level setting may have a direct impact on the ad performance.

    The anomalous events detected by the SDK Signature feature are processed according to the set prevention level, which is applied to all credentials. Level 1 is set by default. To switch to higher levels, select Level 2 or Level 3 and click Save Changes.

    Enabling the SDK Signature

    The following actions must be completed before enabling the SDK Signature.

    • Create SDK Signature Credentials and switch on the toggle to activate them

    • Configure the Airbridge SDK using the activated SDK Signature Credentials

    • Select the prevention level

    Once you have completed the above steps, click Enable SDK Signature to enable the SDK Signature feature. The activated credentials will be used to detect fraudulent events from the event data collected by the SDK. If credentials are created but not activated, the SDK Signature feature won’t work.

    To disable the SDK Signature feature, click Disable SDK Signature.

    Reporting

    The suspicious events are tagged with the Conversion Fraud Tag, Fraud_Conversion_InvalidSDKSignature. The following Fraud Tags provide further information about why the event is considered suspicious.

    Fraud Tag

    Description

    SDKSignatureFraud/invalidSignature

    Events considered suspicious due to the inability to use the Secret for validation

    SDKSignatureFraud/invalidSignatureSecretID

    Events considered suspicious due to the inability to use the Secret for validation

    The suspicious events tagged by the set rules can be viewed in your Airbridge reports and raw data export files.

    Attention

    Was this page helpful?

    Have any questions or suggestions?