DOI: 10.1145/2991079.2991099
research-article

You can promote, but you can't hide: large-scale abused app detection in mobile app stores

Published: 05 December 2016

Abstract

Instead of improving their apps' quality, some developers hire a group of users (called collusive attackers) to post positive ratings and reviews irrespective of the actual app quality. In this work, we aim to expose the apps whose ratings have been manipulated (or abused) by collusive attackers. Specifically, we model the relations of raters and apps as biclique communities and propose four attack signatures to identify malicious communities, where the raters are collusive attackers and the apps are abused apps. We further design a linear-time search algorithm to enumerate such communities in an app store. Our system was implemented and initially run against the Apple App Store of China on July 17, 2013. In 33 hours, our system examined 2,188 apps, with the information of millions of reviews and reviewers downloaded on the fly. It reported 108 abused apps, among which 104 apps were confirmed to be abused. Later, we ran our tool against the Apple App Stores of China, the United Kingdom, and the United States on a much larger scale. The evaluation results show that among the apps examined by our tool, abused apps account for 0.94%, 0.92%, and 0.57% of all the analyzed apps, respectively, in June 2013. In our latest check on Oct. 15, 2015, these ratios decreased to 0.44%, 0.70%, and 0.42%, respectively. Our algorithm can greatly narrow down the suspect list from all apps (e.g., below 1% as shown in our paper). App store vendors may then use other information to do further verification.

Published In

ACSAC '16: Proceedings of the 32nd Annual Conference on Computer Security Applications
December 2016
614 pages
ISBN:9781450347716
DOI:10.1145/2991079
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. abused apps
  2. app store
  3. collusion attack
  4. temporal biclique community

Qualifiers

  • Research-article

Conference

ACSAC '16
Sponsor:
  • ACSA
ACSAC '16: 2016 Annual Computer Security Applications Conference
December 5 - 8, 2016
California, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Cited By

  • (2024) Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform Analyses. Proceedings of the 21st International Conference on Mining Software Repositories, pp. 348-360. DOI: 10.1145/3643991.3644896. Online publication date: 15-Apr-2024
  • (2022) Cyber Security and Privacy of Connected and Automated Vehicles (CAVs)-Based Federated Learning: Challenges, Opportunities, and Open Issues. Federated Learning for IoT Applications, pp. 169-183. DOI: 10.1007/978-3-030-85559-8_11. Online publication date: 1-Jan-2022
  • (2021) RacketStore. Proceedings of the 21st ACM Internet Measurement Conference, pp. 639-657. DOI: 10.1145/3487552.3487837. Online publication date: 2-Nov-2021
  • (2021) A Longitudinal Study of Removed Apps in iOS App Store. Proceedings of the Web Conference 2021, pp. 1435-1446. DOI: 10.1145/3442381.3449990. Online publication date: 19-Apr-2021
  • (2021) Where2Change: Change Request Localization for App Reviews. IEEE Transactions on Software Engineering 47:11, pp. 2590-2616. DOI: 10.1109/TSE.2019.2956941. Online publication date: 1-Nov-2021
  • (2020) Review Trade: Everything Is Free in Incentivized Review Groups. Security and Privacy in Communication Networks, pp. 339-359. DOI: 10.1007/978-3-030-63086-7_19. Online publication date: 12-Dec-2020
  • (2019) The Art and Craft of Fraudulent App Promotion in Google Play. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 2437-2454. DOI: 10.1145/3319535.3345658. Online publication date: 6-Nov-2019
  • (2019) Detecting Promotion Attacks in the App Market Using Neural Networks. IEEE Wireless Communications 26:4, pp. 110-116. DOI: 10.1109/MWC.2019.1800322. Online publication date: Aug-2019
  • (2019) Labelling issue reports in mobile apps. IET Software. DOI: 10.1049/iet-sen.2018.5420. Online publication date: 27-Jun-2019
  • (2018) Fraud De-Anonymization for Fun and Profit. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 115-130. DOI: 10.1145/3243734.3243770. Online publication date: 15-Oct-2018
