Device Anomaly Detection
What it detects
Fraudulent traffic farms often use old, unpatched devices or emulate outdated OS versions to avoid detection. When a disproportionate share of your traffic comes from devices with outdated OS or browser versions — versions rarely seen in legitimate user populations — it indicates bot or device farm activity. Device Anomaly Detection blocks this traffic once it crosses a configurable threshold.
How it works
Integr8 tracks the distribution of OS and browser versions in your traffic. When the percentage of traffic from devices below your configured minimum version exceeds the threshold within the lookback window, clicks from those devices are blocked.
The filter operates at publisher or sub ID level, so a single fraudulent source doesn’t affect your other publishers.
Configuration
Navigate to Fraud Prevention > Device Fraud > Device Anomaly Detection to configure.
| Parameter | Default | Range | Description |
|---|---|---|---|
threshold_percentage | 50% | 1–100% | Percentage of traffic from old devices before blocking activates |
min_click_count | 100 | 1–100,000 | Minimum clicks before threshold is evaluated |
lookback_time | 24 h | 1–168 h | Time window for measuring device distribution |
check_by_subid | false | true, false | Evaluate at sub ID level instead of publisher level |
min_os_version | (varies by OS) | — | Minimum acceptable OS version per platform (Android, iOS, Windows, macOS) |
min_browser_version | (varies) | — | Minimum acceptable browser version |
What happens when triggered
When the threshold is exceeded:
- Clicks from devices below the minimum version requirement are rejected with
fraud_reason: device_anomaly. - The filter auto-recovers when the traffic distribution returns within bounds.
Review blocked traffic in Reports > Click Reports filtered by fraud_reason: device_anomaly.
Related filters
- Emulator and Bots — detects traffic from emulators and automated tools
- Device ID Check — validates device ID format on incoming requests