What is a fraudulent device?
Fraudulent devices can be created through:
Jailbreaking – Removing software restrictions on an Apple device running iOS to modify the OS, install non-approved apps, and gain admin-level privileges. Kernel patches permit root access, allowing the installation of software not available through the app store. This creates security issues because much of the built-in security is lost, including verified app security. Thus, the device can be used maliciously by the owner or hackers.
Rooting, or cracking – This is similar to gaining admin privileges through jailbreaking, but it is specific to Android devices. Many Android device manufacturers permit users to unlock their devices and to add apps that are not officially approved. This less-robust security can lead to malicious use of a device, which is one reason why the majority of fraudulent devices used for fraud are Android devices.
Tampering
Flashing, or replacing the OS and resetting a device to factory settings – This creates a new device identifier and sidesteps attempts to detect, via device fingerprinting, that too many accounts are associated with a device.
Fraudulent devices that fall into these categories can be detected in a variety of ways, including looking for telltale code, file permissions, and APIs.
The most common fraudulent devices, the type that Ping encounters and exposes most often, are created using emulators. Emulators allow a large number of virtual devices to be created, often cloning the same device over and over, and avoids the need to purchase and set up a variety of different devices with different OSs. Emulators can be used to spoof other devices and clone devices to create many virtual devices.
Emulators are legal, useful tools developers use to test apps on different devices and OSs without purchasing every possible device and OS combination. They can create virtual versions of every iPhone or Android phone and test how an app runs on each to detect bugs and other programming problems.
Gamers use emulators to play games made for other platforms without buying multiple systems. For example, emulators can allow a PC to play games created for Playstation or Xbox.
Fraudulent mobile devices are created by bad actors using device emulators to run on computers, on servers, or within web browsers to simulate different types of mobile devices virtually.