Device ID Obfuscation: How Fraudsters Make 1 Device Look Like 300 Featured Image

Device ID Obfuscation: How Fraudsters Make 1 Device Look Like 300

 The ability to re-identify a user’s device helps prevent multi-accounting, ban evasion, and helps with the authentication of returning users. But legacy device fingerprinting solutions haven’t kept up with the advancement of fraud tools, and today’s fraudsters are much better at outfoxing device fingerprints to abuse platforms free of consequence. 

For those who prefer listening over reading, we've provided an audio transcription player below, allowing you to enjoy this post through your speakers or headphones.

Device ID Obfuscation: How Fraudsters Make 1 Device Look Like 300
4:04

You can’t access an app without using a device. Even if that device is on an emulator or it’s been tampered with, everyone who accesses a platform has to use a device to do so. That gives device ID tremendous potential as an authentication and anti-fraud signal, but it also makes it a huge target for fraudsters to spoof and obfuscate. 

Put differently, being able to consistently link devices to users means you can stop a lot of fraud, like multi-accounting, promo and voucher abuse, and ban evasion. But because it’s such a good signal for stopping repeat fraudsters, fraudsters have invested a lot of time into finding ways to dupe traditional device fingerprinting methods. 

If you can make one device look like many, you can hide organized fraud and maintain access to your target platform indefinitely. 

Key TakeAways

  • Fraudster use tools like emulators, app tamperers, app cloners, and even simple factory resets to manipulate their device ID 
  • Manipulating a device ID helps a fraudster evade bans and create multiple accounts to scale their fraud 
  • Adding additional signals like tamper detection and location intelligence to a device ID solution can help identify obfuscation attempts and allow fraud fighters to see through them 

Factory resets and app re-installations 

Some device IDs and fingerprinting solutions are so weak, even reinstalling the app is enough to get past them. If that doesn’t work, fraudsters can also wipe the slate clean by factory resetting their device. To the digital eyes of the platform, the newly-reset device might as well be a brand new one straight out of the box. These are the easiest ways to obfuscate a device ID, but they’re not the most efficient. For that, fraudsters turn to more technical tools.

Emulators 

Emulators are computer programs that can emulate a mobile device—essentially, a virtual smartphone on a desktop computer. Because the devices on an emulator are only virtual emulations and not actual devices, it’s easy to manipulate their parameters, including screen resolution, operating system version, and a host of other attributes that device fingerprints use to ID a device. Even if that were to somehow fail, it’s easy enough to just create a brand new virtual device to replace the old one. 

App cloners 

App cloners are fraud-as-a-service (FaaS) tools that fraudsters use to run multiple instances of an app on the same device at the same time. This allows them to quickly create multiple accounts and to switch between existing accounts more easily. Like we see in the image below, some app cloners allow users to customize the attributes of the “device” reported to own each instance of the app that runs.

Screen Shot 2024-09-11 at 8.50.39 AM

This creates the illusion that these app instances are all running on different devices, but in reality, there’s only one device at play. 

In one case Incognia saw, a fraudster using an app cloner was able to create around 400 different accounts. Using those accounts, that fraudster was able to claim almost 2,000 euros worth of vouchers in a 30-day period.

Enhancing device ID with location for persistent device-to-identity binding 

Legacy device fingerprinting solutions aren’t persistent enough to stand up to today’s fraudsters. Stronger device fingerprinting, including tamper detection and secondary signals, is the next generation in device-to-identity binding. 

In Incognia’s case, we combine our device ID solution with location intelligence to help identify device ID obfuscation attempts and identify users even when they manipulate their device’s fingerprint or even switch devices entirely. 

Fraudsters aren’t going anywhere, and using an outdated device fingerprinting solution makes a platform easy pickings for multi-accounting, ban evasion, and other types of fraud and abuse. 

To learn more about how Incognia is bringing device fingerprinting to the next level, visit our solutions page here.