DOI: 10.5555/2616448.2616455

DECAF: detecting and characterizing ad fraud in mobile apps

Published: 02 April 2014

Abstract

Ad networks for mobile apps require inspection of the visual layout of their ads to detect certain types of placement frauds. Doing this manually is error prone, and does not scale to the sizes of today's app stores. In this paper, we design a system called DECAF to automatically discover various placement frauds scalably and effectively. DECAF uses automated app navigation, together with optimizations to scan through a large number of visual elements within a limited time. It also includes a framework for efficiently detecting whether ads within an app violate an extensible set of rules that govern ad placement and display. We have implemented DECAF for Windows-based mobile platforms, and applied it to 1,150 tablet apps and 50,000 phone apps in order to characterize the prevalence of ad frauds. DECAF has been used by the ad fraud team in Microsoft and has helped find many instances of ad frauds.

Published In

NSDI'14: Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
April 2014
546 pages
ISBN: 9781931971096

Sponsors

  • USENIX Assoc

Publisher

USENIX Association

United States

Qualifiers

  • Article

Cited By

  • (2021) Dissecting Click Fraud Autonomy in the Wild. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 271-286. DOI: 10.1145/3460120.3484546. Online publication date: 12-Nov-2021
  • (2021) ProMal. Proceedings of the 43rd International Conference on Software Engineering: Companion Proceedings, pp. 144-146. DOI: 10.1109/ICSE-Companion52605.2021.00061. Online publication date: 25-May-2021
  • (2020) MadDroid: Characterizing and Detecting Devious Ad Contents for Android Apps. Proceedings of The Web Conference 2020, pp. 1715-1726. DOI: 10.1145/3366423.3380242. Online publication date: 20-Apr-2020
  • (2019) All your clicks belong to me: investigating click interception on the web. Proceedings of the 28th USENIX Conference on Security Symposium, pp. 941-957. DOI: 10.5555/3361338.3361404. Online publication date: 14-Aug-2019
  • (2019) Clicktok. Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, pp. 105-116. DOI: 10.1145/3317549.3323407. Online publication date: 15-May-2019
  • (2019) Revisiting Mobile Advertising Threats with MAdLife. The World Wide Web Conference, pp. 207-217. DOI: 10.1145/3308558.3313549. Online publication date: 13-May-2019
  • (2019) Understanding and Detecting Overlay-based Android Malware at Market Scales. Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services, pp. 168-179. DOI: 10.1145/3307334.3326094. Online publication date: 12-Jun-2019
  • (2019) Deep Learning-based Model to Fight Against Ad Click Fraud. Proceedings of the 2019 ACM Southeast Conference, pp. 176-181. DOI: 10.1145/3299815.3314453. Online publication date: 18-Apr-2019
  • (2019) MoCA. Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing, pp. 1208-1215. DOI: 10.1145/3297280.3297399. Online publication date: 8-Apr-2019
  • (2018) Robust Annotation of Mobile Application Interfaces in Methods for Accessibility Repair and Enhancement. Proceedings of the 31st Annual ACM Symposium on User Interface Software and Technology, pp. 609-621. DOI: 10.1145/3242587.3242616. Online publication date: 11-Oct-2018
