research-article

Open access

Toward Detecting Collusive Ranking Manipulation Attackers in Mobile App Markets

Authors:

Jingshun YangAuthors Info & Claims

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

Pages 58 - 70

https://doi.org/10.1145/3052973.3053022

Published: 02 April 2017 Publication History

Abstract

Incentivized by monetary gain, some app developers launch fraudulent campaigns to boost their apps' rankings in the mobile app stores. They pay some service providers for boost services, which then organize large groups of collusive attackers to take fraudulent actions such as posting high app ratings or inflating apps' downloads. If not addressed timely, such attacks will increasingly damage the healthiness of app ecosystems. In this work, we propose a novel approach to identify attackers of collusive promotion groups in an app store. Our approach exploits the unusual ranking change patterns of apps to identify promoted apps, measures their pairwise similarity, forms targeted app clusters (TACs), and finally identifies the collusive group members. Our evaluation based on a dataset of Apple's China App store has demonstrated that our approach is able and scalable to report highly suspicious apps and reviewers. App stores may use our techniques to narrow down the suspicious lists for further investigation.

References

[1]

Mahmudur Rahman, Mizanur Rahman, Bogdan Carbunar, and Duen Horng Chau. Fairplay: Fraud and malware detection in google play. In Proceedings of the 2016 SIAM International Conference on Data Mining, pages 99--107. SIAM, 2016.

[2]

Apple. https://developer.apple.com/app-store/review/guidelines/.

[3]

Google. https://play.google.com/about/developer-content-policy.html.

[4]

Shebuti Rayana and Leman Akoglu. Collective opinion spam detection: Bridging review networks and metadata. In Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pages 985--994. ACM, 2015.

Digital Library

[5]

Huayi Li, Zhiyuan Chen, Bing Liu, Xiaokai Wei, and Jidong Shao. Spotting fake reviews via collective positive-unlabeled learning. In 2014 IEEE International Conference on Data Mining, pages 899--904. IEEE, 2014.

Digital Library

[6]

Leman Akoglu, Rishi Chandy, and Christos Faloutsos. Opinion fraud detection in online reviews by network effects. ICWSM, 13:2--11, 2013.

[7]

Geli Fei, Arjun Mukherjee, Bing Liu, Meichun Hsu, Malu Castellanos, and Riddhiman Ghosh. Exploiting burstiness in reviews for review spammer detection. ICWSM, 13:175--184, 2013.

[8]

Nitin Jindal and Bing Liu. Opinion spam and analysis. In Proceedings of the 2008 International Conference on Web Search and Data Mining, pages 219--230. ACM, 2008.

Digital Library

[9]

Fangtao Li, Minlie Huang, Yi Yang, and Xiaoyan Zhu. Learning to identify review spam. In IJCAI Proceedings-International Joint Conference on Artificial Intelligence, volume 22, page 2488, 2011.

Digital Library

[10]

Jiwei Li, Myle Ott, Claire Cardie, and Eduard H Hovy. Towards a general rule for identifying deceptive opinion spam. In ACL (1), pages 1566--1576. Citeseer, 2014.

[11]

Arjun Mukherjee. Detecting deceptive opinion spam using linguistics, behavioral and statistical modeling. ACL-IJCNLP 2015, page 21, 2015.

[12]

Chang Xu and Jie Zhang. Towards collusive fraud detection in online reviews. In Data Mining (ICDM), 2015 IEEE International Conference on, pages 1051--1056. IEEE, 2015.

Digital Library

[13]

Chang Xu, Jie Zhang, Kuiyu Chang, and Chong Long. Uncovering collusive spammers in chinese review websites. In Proceedings of the 22nd ACM international conference on Conference on information & knowledge management, pages 979--988. ACM, 2013.

Digital Library

[14]

Junting Ye and Leman Akoglu. Discovering opinion spammer groups by network footprints. In Joint European Conference on Machine Learning and Knowledge Discovery in Databases, pages 267--282. Springer, 2015.

Digital Library

[15]

Chang Xu and Jie Zhang. Combating product review spam campaigns via multiple heterogeneous pairwise features. SDM. SIAM, 2015.

[16]

Number of apps available in leading app stores as of June 2016. http://www.statista.com/statistics/276623/number-of-apps-available-in-leading-app-stores/.

[17]

Number of Apple user accounts as of the third quarter 2015. https://www.statista.com/statistics/279689/apple-amazon-and-paypals-user-base/.

[18]

Supposed prices for ranking boost services. https://www.techinasia.com/viral-photo-china-shows-manipulate-app-store-rankings-hard.

[19]

Zhen Xie and Sencun Zhu. Grouptie: toward hidden collusion group discovery in app stores. In Proceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks, pages 153--164. ACM, 2014.

Digital Library

[20]

Zhen Xie and Sencun Zhu. Appwatcher: unveiling the underground market of trading mobile app reviews. In Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, page 10. ACM, 2015.

Digital Library

[21]

Hengshu Zhu, Hui Xiong, Yong Ge, and Enhong Chen. Ranking fraud detection for mobile apps: A holistic view. In Proceedings of the 22nd ACM international conference on Information & Knowledge Management, pages 619--628. ACM, 2013.

Digital Library

[22]

Arjun Mukherjee, Bing Liu, and Natalie Glance. Spotting fake reviewer groups in consumer reviews. In Proceedings of the 21st international conference on World Wide Web, pages 191--200. ACM, 2012.

Digital Library

[23]

Nitin Jindal, Bing Liu, and Ee-Peng Lim. Finding unusual review patterns using unexpected rules. In Proceedings of the 19th ACM international conference on Information and knowledge management, pages 1549--1552. ACM, 2010.

Digital Library

[24]

Ee-Peng Lim, Viet-An Nguyen, Nitin Jindal, Bing Liu, and Hady Wirawan Lauw. Detecting product review spammers using rating behaviors. In Proceedings of the 19th ACM international conference on Information and knowledge management, pages 939--948. ACM, 2010.

Digital Library

[25]

Sihong Xie, Guan Wang, Shuyang Lin, and Philip S Yu. Review spam detection via temporal pattern discovery. In Proceedings of the 18th ACM SIGKDD international conference on Knowledge discovery and data mining, pages 823--831. ACM, 2012.

Digital Library

[26]

Myle Ott, Claire Cardie, and Jeff Hancock. Estimating the prevalence of deception in online review communities. In Proceedings of the 21st international conference on World Wide Web, pages 201--210. ACM, 2012.

Digital Library

[27]

Song Feng, Ritwik Banerjee, and Yejin Choi. Syntactic stylometry for deception detection. In Proceedings of the 50th Annual Meeting of the Association for Computational Linguistics: Short Papers-Volume 2, pages 171--175. Association for Computational Linguistics, 2012.

Digital Library

[28]

Chang Xu. Detecting collusive spammers in online review communities. In Proceedings of the sixth workshop on Ph. D. students in information and knowledge management, pages 33--40. ACM, 2013.

Digital Library

[29]

Alex Beutel, Wanhong Xu, Venkatesan Guruswami, Christopher Palow, and Christos Faloutsos. Copycatch: stopping group attacks by spotting lockstep behavior in social networks. In Proceedings of the 22nd international conference on World Wide Web, pages 119--130. ACM, 2013.

Digital Library

[30]

Qiang Cao. Understanding and Defending Against Malicious Identities in Online Social Networks. PhD thesis, Duke University, 2014.

[31]

Gianluca Stringhini, Gang Wang, Manuel Egele, Christopher Kruegel, Giovanni Vigna, Haitao Zheng, and Ben Y Zhao. Follow the green: growth and dynamics in twitter follower markets. In Proceedings of the 2013 conference on Internet measurement conference, pages 163--176. ACM, 2013.

Digital Library

[32]

Emiliano De Cristofaro, Arik Friedman, Guillaume Jourjon, Mohamed Ali Kaafar, and M Zubair Shafiq. Paying for likes?: Understanding facebook like fraud using honeypots. In Proceedings of the 2014 Conference on Internet Measurement Conference, pages 129--136. ACM, 2014.

Digital Library

[33]

Iker Burguera, Urko Zurutuza, and Simin Nadjm-Tehrani. Crowdroid: behavior-based malware detection system for android. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, pages 15--26. ACM, 2011.

Digital Library

[34]

Hao Peng, Chris Gates, Bhaskar Sarma, Ninghui Li, Yuan Qi, Rahul Potharaju, Cristina Nita-Rotaru, and Ian Molloy. Using probabilistic generative models for ranking risks of android apps. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 241--252. ACM, 2012.

Digital Library

[35]

Alessandra Gorla, Ilaria Tavecchia, Florian Gross, and Andreas Zeller. Checking app behavior against app descriptions. In Proceedings of the 36th International Conference on Software Engineering, pages 1025--1035. ACM, 2014.

Digital Library

[36]

Nicolas Viennot, Edward Garcia, and Jason Nieh. A measurement study of google play. In ACM SIGMETRICS Performance Evaluation Review, volume 42, pages 221--233. ACM, 2014.

Digital Library

[37]

Jonathan Crussell, Clint Gibler, and Hao Chen. Andarwin: Scalable detection of semantically similar android applications. In European Symposium on Research in Computer Security, pages 182--199. Springer, 2013.

[38]

Suranga Seneviratne, Aruna Seneviratne, Mohamed Ali Kaafar, Anirban Mahanti, and Prasant Mohapatra. Early detection of spam mobile apps. In Proceedings of the 24th International Conference on World Wide Web, pages 949--959. ACM, 2015.

Digital Library

[39]

Karim O Elish, Danfeng Yao, and Barbara G Ryder. On the need of precise inter-app icc classification for detecting android malware collusions. In Proceedings of IEEE Mobile Security Technologies (MoST), in conjunction with the IEEE Symposium on Security and Privacy, 2015.

[40]

Amiangshu Bosu, Fang Liu, Danfeng Yao, and Gang Wang. Collusive data leak and more: Large-scale threat analysis of inter-app communications. In Proceedings of ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2017.

Digital Library

[41]

Rishi Chandy and Haijie Gu. Identifying spam in the ios app store. In Proceedings of the 2nd Joint WICOW/AIRWeb Workshop on Web Quality, pages 56--59. ACM, 2012.

Digital Library

Cited By

Zhang YWang HStavrou A(2024)A multiview clustering framework for detecting deceptive reviewsJournal of Computer Security10.3233/JCS-22000132:1(31-52)Online publication date: 2-Feb-2024
https://dl.acm.org/doi/10.3233/JCS-220001
Sun RXue MTyson GWang SCamtepe SNepal S(2023)Not Seen, Not Heard in the Digital World! Measuring Privacy Practices in Children’s AppsProceedings of the ACM Web Conference 202310.1145/3543507.3583327(2166-2177)Online publication date: 30-Apr-2023
https://dl.acm.org/doi/10.1145/3543507.3583327
Zhang ZWan JZhou MLai ZTessone CChen GLiao H(2023)Temporal burstiness and collaborative camouflage aware fraud detectionInformation Processing & Management10.1016/j.ipm.2022.10317060:2(103170)Online publication date: Mar-2023
https://doi.org/10.1016/j.ipm.2022.103170
Show More Cited By

Index Terms

Toward Detecting Collusive Ranking Manipulation Attackers in Mobile App Markets
1. Security and privacy
  1. Security services
    1. Access control

Recommendations

Crowdsourced App Review Manipulation
SIGIR '17: Proceedings of the 40th International ACM SIGIR Conference on Research and Development in Information Retrieval

With the rapid adoption of smartphones worldwide and the reliance on app marketplaces to discover new apps, these marketplaces are critical for connecting users with apps. And yet, the user reviews and ratings on these marketplaces may be strategically ...
Uncovering download fraud activities in mobile app markets
ASONAM '19: Proceedings of the 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining

Download fraud is a prevalent threat in mobile App markets, where fraudsters manipulate the number of downloads of Apps via various cheating approaches. Purchased fake downloads can mislead recommendation and search algorithms and further lead to bad ...
An Explorative Study of the Mobile App Ecosystem from App Developers' Perspective
WWW '17: Proceedings of the 26th International Conference on World Wide Web

With the prevalence of smartphones, app markets such as Apple App Store and Google Play has become the center stage in the mobile app ecosystem, with millions of apps developed by tens of thousands of app developers in each major market. This paper ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

April 2017

952 pages

ISBN:9781450349444

DOI:10.1145/3052973

General Chairs:
Ramesh Karri
New York University, New York, USA
,
Ozgur Sinanoglu
New York University Abu Dhabi, UAE
,
Program Chairs:
Ahmad-Reza Sadeghi
Technische Universität Darmstadt, Germany
,
Xun Yi
RMIT University, Australia

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 April 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

ASIA CCS '17

Sponsor:

SIGSAC

ASIA CCS '17: ACM Asia Conference on Computer and Communications Security

April 2 - 6, 2017

Abu Dhabi, United Arab Emirates

Acceptance Rates

ASIA CCS '17 Paper Acceptance Rate 67 of 359 submissions, 19%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
993
Total Downloads

Downloads (Last 12 months)137
Downloads (Last 6 weeks)25

Reflects downloads up to 10 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhang YWang HStavrou A(2024)A multiview clustering framework for detecting deceptive reviewsJournal of Computer Security10.3233/JCS-22000132:1(31-52)Online publication date: 2-Feb-2024
https://dl.acm.org/doi/10.3233/JCS-220001
Sun RXue MTyson GWang SCamtepe SNepal S(2023)Not Seen, Not Heard in the Digital World! Measuring Privacy Practices in Children’s AppsProceedings of the ACM Web Conference 202310.1145/3543507.3583327(2166-2177)Online publication date: 30-Apr-2023
https://dl.acm.org/doi/10.1145/3543507.3583327
Zhang ZWan JZhou MLai ZTessone CChen GLiao H(2023)Temporal burstiness and collaborative camouflage aware fraud detectionInformation Processing & Management10.1016/j.ipm.2022.10317060:2(103170)Online publication date: Mar-2023
https://doi.org/10.1016/j.ipm.2022.103170
Lin FWang HWang LLiu X(2021)A Longitudinal Study of Removed Apps in iOS App StoreProceedings of the Web Conference 202110.1145/3442381.3449990(1435-1446)Online publication date: 19-Apr-2021
https://dl.acm.org/doi/10.1145/3442381.3449990
Zhang TChen JZhan XLuo XLo DJiang H(2021)Where2Change: Change Request Localization for App ReviewsIEEE Transactions on Software Engineering10.1109/TSE.2019.295694147:11(2590-2616)Online publication date: 1-Nov-2021
https://doi.org/10.1109/TSE.2019.2956941
Rahman MHernandez NCarbunar BChau D(2021)Towards De-Anonymization of Google Play Search Rank FraudIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2020.297517033:11(3648-3661)Online publication date: 1-Nov-2021
https://doi.org/10.1109/TKDE.2020.2975170
Hu YWang HJi TXiao XLuo XGao PGuo Y(2021)CHAMPProceedings of the 43rd International Conference on Software Engineering10.1109/ICSE43902.2021.00089(933-945)Online publication date: 22-May-2021
https://dl.acm.org/doi/10.1109/ICSE43902.2021.00089
Du KYang HZhang YDuan HWang HHao SLi ZYang M(2020)Understanding Promotion-as-a-Service on GitHubProceedings of the 36th Annual Computer Security Applications Conference10.1145/3427228.3427258(597-610)Online publication date: 7-Dec-2020
https://dl.acm.org/doi/10.1145/3427228.3427258
Dery LHermel DJelnov A(2020)Cheating in Ranking SystemsReview of Industrial Organization10.1007/s11151-020-09754-258:2(303-320)Online publication date: 23-Mar-2020
https://doi.org/10.1007/s11151-020-09754-2
Zhang YHao SWang H(2020)Review Trade: Everything Is Free in Incentivized Review GroupsSecurity and Privacy in Communication Networks10.1007/978-3-030-63086-7_19(339-359)Online publication date: 12-Dec-2020
https://doi.org/10.1007/978-3-030-63086-7_19
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents