Fraud & security glossary

Device Intelligence & Identification

Device Fingerprinting

The process of collecting and analyzing hardware, software, and behavioral attributes of a device to create a unique, persistent identifier. Used for fraud detection, multi-accounting prevention, and returning user recognition. Unlike cookies, device fingerprints can survive app reinstalls and browser resets.

Device ID

A stable identifier assigned to a device based on hardware and software signals. Deep ID's Device ID persists across app reinstalls, factory resets, and tampering attempts, making it resistant to reset fraud.

Device Graph

A network mapping relationships between devices, accounts, and behavioral patterns. Device graphs expose fraud rings by linking devices that share attributes (network, timing, hardware) even when using different accounts.

Smart Signals

Contextual risk indicators collected from a device alongside identification. Examples include VPN detection, root/jailbreak status, emulator detection, hooking framework presence, and SIM integrity. Deep ID provides 100+ Smart Signals per API call.

Trust Score

A composite risk rating derived from multiple device signals (identification confidence, integrity checks, behavioral patterns, historical reputation). Used for real-time policy decisions: allow, step-up verify, or block.

Mobile App Security

RASP (Runtime Application Self-Protection)

Security technology that runs inside an application to detect and prevent attacks in real-time. Unlike perimeter defenses (firewalls, WAFs), RASP operates at the application layer, detecting code injection, hooking, debugging, and tampering as they happen.

App Hardening

The process of applying multiple protection layers to a mobile application: code obfuscation, binary integrity checks, anti-debugging, anti-tampering, and runtime protection. Makes the app resistant to reverse engineering and runtime manipulation.

Anti-Frida

Detection of the Frida dynamic instrumentation toolkit, which attackers use to inject JavaScript into running app processes. Anti-Frida detection identifies Frida Server, Frida Gadget, and frida-trace through memory scanning, library detection, port monitoring, and behavioral analysis.

Anti-Hooking

Detection of frameworks that modify app behavior at runtime by intercepting function calls. Covers Frida, Xposed Framework, LSPosed, EdXposed, Cydia Substrate, and custom hooking libraries. Detection methods include PLT/GOT verification, inline hook scanning, and Zygote integrity checks.

Root Detection

Identification of devices where the user has gained superuser (root) access on Android or jailbreak access on iOS. Root enables kernel-level attack capabilities. Modern detection must handle Magisk (systemless root), MagiskHide/Shamiko (root concealment), and Play Integrity Fix (attestation bypass).

Emulator Detection

Identification of virtual device environments (BlueStacks, Nox, LDPlayer, Genymotion, Android Studio emulators) used for scaled fraud operations. Detection uses hardware sensor analysis, build property verification, OpenGL renderer strings, and behavioral fingerprinting.

Code Obfuscation

Transformation of application source code to make it difficult to understand when decompiled. Techniques include identifier renaming, control flow flattening, string encryption, and arithmetic encoding. Applied at build time to resist static analysis.

Fraud Types

Account Takeover (ATO)

Unauthorized access to a user's account, typically through credential stuffing (using breached username/password pairs), phishing, SIM swap (intercepting OTP), or session hijacking. Device intelligence helps by recognizing when an unrecognized device accesses a known account.

Multi-Accounting

Creation of multiple accounts by the same person or fraud ring, typically to exploit promotions, referral bonuses, or trial periods. Device fingerprinting links accounts created from the same device, even across reinstalls.

Promo Abuse

Exploitation of promotional offers, coupons, referral programs, or welcome bonuses through multi-accounting, emulators, app cloners, or device farms. Device fingerprinting and emulator detection are the primary defenses.

Device Farm

An operation using multiple physical devices or emulator instances to perform fraud at scale: mass account creation, bonus abuse, fake reviews, or ad fraud. Detected through device fingerprinting, emulator detection, and network pattern analysis.

SIM Swap

An attack where a fraudster convinces a telecom operator to port a victim's phone number to a new SIM card. The attacker then receives OTPs and SMS verification codes intended for the victim. SIM Binding detects the SIM change and blocks OTP delivery.

GPS Spoofing

Faking a device's GPS location using mock location apps or root-level tools. Used for ride-hailing fare manipulation, delivery fraud, location-based game cheating, and geo-restriction bypass. Detected through mock location API monitoring, sensor fusion, and movement plausibility analysis.

Credential Stuffing

Automated attack using breached username/password pairs to gain access to accounts on other services (exploiting password reuse). Detected through device fingerprinting (same device testing many credentials), rate limiting, and behavioral analysis.

Overlay Attack

A mobile attack where a malicious app draws a transparent window over a legitimate banking app, capturing credentials as the user types. Exploits Android's draw-over-other-apps permission and accessibility services. Detected through runtime overlay monitoring and accessibility service analysis.

Carrier & SIM Intelligence

SIM Binding

Technology that creates a cryptographic link between a device identity and a specific SIM card (using IMSI, ICCID, and carrier metadata). When the SIM changes, the binding breaks, alerting the application to a potential SIM swap or unauthorized SIM change.

IMSI (International Mobile Subscriber Identity)

A unique 15-digit number stored on a SIM card that identifies the subscriber to the mobile network. Used in SIM binding to detect SIM swaps — a changed IMSI on the same device indicates the SIM has been replaced.

Carrier Anomaly Detection

Monitoring for unusual changes in a device's carrier information: unexpected MNO switches, MVNO hopping, or VoIP-based phone numbers that indicate potential fraud or social engineering.

Compliance & Standards

PCI DSS 4.0

Payment Card Industry Data Security Standard version 4.0. Requires mobile payment apps to implement protections against reverse engineering, tampering, and runtime manipulation — addressed by RASP.

RBI Digital Lending Guidelines

Reserve Bank of India regulations requiring digital lenders to implement device binding, SIM swap detection, and anti-fraud measures in mobile applications.

DORA

EU Digital Operational Resilience Act. Requires financial entities to identify, protect against, and detect ICT-related threats to customer-facing applications, including mobile apps.

MAS TRM

Monetary Authority of Singapore Technology Risk Management guidelines. Requires mobile apps to implement code obfuscation, anti-debugging, anti-tampering, and jailbreak/root detection.