Avoid Evasive Scraping with Stronger Content Protection

Emily Lyons

Mar 10, 2026

Written by

Emily Lyons

Emily Lyons leads product marketing initiatives across Akamai's Application and API security solutions. She began her career in marketing and technology, holding a variety of roles in both North America and the United Kingdom. She leverages this background to help solve global business challenges, build effective communications, and market purpose-built cloud, networking, and security solutions. Emily works directly with Akamai Product Management, Engineering, and Sales teams.

Today’s scrapers don’t just send obvious automated requests. They rotate IPs, mimic browsers, replay sessions, simulate user behavior, and increasingly target mobile applications directly. For publishers, streaming platforms, ticketing companies, and retailers, that means traditional detection methods are no longer enough.

To stay ahead of evasive scraping and content abuse, we’re introducing two major enhancements to Akamai Content Protector:

  • Native mobile app traffic protection

  • A dynamic advanced validation framework (AVF) with interactive behavioral challenges

Together, these updates extend protection beyond the browser, improve detection precision, and reduce false positives, without compromising user experience.

Protect native mobile applications from scraping

Mobile applications are a growing target for scraping operations. Attackers reverse engineer APIs, automate traffic through emulators, and attempt to bypass browser-based defenses entirely. With the Native App Traffic Protection SDK, Content Protector now defends against unwanted bot activity in native mobile application traffic.

How the Native App Traffic Protection SDK works

As users interact with your native application, the SDK collects behavioral data from the device and securely sends it to the Content Protector detection engine for evaluation. This enables Akamai to:

  • Detect automated frameworks that are targeting mobile apps

  • Identify scripted abuse that bypasses browser controls

  • Apply the correct mobile-specific detection workflow

To enable this protection, customers configure their mobile app under a custom client definition, ensuring that Content Protector applies the appropriate detection logic to those requests. 

It’s important to note that the SDK needs to be integrated into the app, and the app needs to be compiled and published to stores. If your mobile app serves traffic inside a WebView that supports JavaScript and cookies, that traffic is classified as web traffic. In that case, the Native App Traffic Protection SDK is not required.

Adaptive detection with the advanced validation framework

Modern scraping operations are designed to evade static detection. They mimic legitimate users and carefully manage request patterns to avoid triggering traditional controls.

Content Protector relies on numerous detection methods, each requiring specific signals. If a detection method lacks sufficient information to make a confident decision, the new AVF dynamically requests additional data from the device.

This makes detection:

  • Adaptive and self-healing

  • More precise

  • Less prone to false positives

Rather than relying solely on passive data collection, Content Protector has always actively gathered the information needed to confidently distinguish legitimate users from evasive scrapers.

What's different now is that we only collect additional information when it's required. This way, we can keep the impact on end users to the absolute minimum, while making sure that we always have the required information. Challenges are only applied dynamically when and where they’re truly needed.

With a typical false-positive rate below 0.1% for most detection methods, legitimate users rarely encounter a challenge — and when they do, they won’t be re-challenged for at least 50 minutes.

Interactive behavioral challenge: Stopping human-like scrapers

The most evasive scraping tools attempt to simulate real-user behavior. That makes simple fingerprinting insufficient. AVF introduces an opt-in interactive behavioral challenge that evaluates how users actually interact with the page.

Unlike traditional transparent challenges that collect only device fingerprints, this method gathers rich behavioral telemetry, including:

  • Mouse movement

  • Touch interactions

  • Key presses

This allows Content Protector to detect subtle inconsistencies in automation even when scrapers attempt to replicate human browsing patterns.

What users see

For GET or POST HTML requests, the interactive challenge appears as a short interstitial page before the original site content loads. Users complete a quick tile-based puzzle that typically takes only seconds. 

The challenge includes five mini-game types using grids of numbers or letters. When anomalies are detected during initial evaluation, AVF determines whether a challenge is required and selects the most appropriate format to minimize friction.

All validation processing occurs in real time with HTTP 200 responses — and once the challenge is completed, the original content request is reloaded seamlessly.

Custom-branded challenge pages

Security should not feel disconnected from your digital experience. The interactive challenge page can be fully customized with your logo, fonts, brand colors, and other design elements.

Customers can host custom HTML and CSS on their origin or NetStorage, ensuring responsive behavior across desktop, tablet, and mobile devices. The result: Strong validation that feels native to your site.

Stronger protection without compromising user experience

Evasive scraping forces many organizations into a difficult position: tighten controls and risk user friction, or relax enforcement and risk content loss. With the Native App Traffic Protection SDK, content protection now extends to native mobile apps, so evasive scraping can be stopped beyond the browser. And AVF with behavioral challenges helps defend against human-like scraping attempts without compromising user experience.

These added capabilities enable Content Protector to deliver comprehensive protection across web and mobile, while preserving the experience your legitimate users expect.

Learn more

To learn more about Content Protector and these new capabilities, contact an expert.
