Demystifying Illegal Mobile Gambling Apps

Published: 03 June 2021

Abstract

    Mobile gambling apps, a new type of online gambling service emerging in the mobile era, have become one of the most popular and lucrative underground businesses in the mobile app ecosystem. Since their emergence, mobile gambling apps have been subject to strict regulation by both government authorities and app markets. However, to the best of our knowledge, mobile gambling apps have not been investigated by our research community. In this paper, we take the first step to fill the void. Specifically, we first perform a 5-month dataset collection process to harvest illegal gambling apps in China, where mobile gambling apps are outlawed. We have collected 3,366 unique gambling apps with 5,344 different versions. We then characterize the gambling apps from various perspectives, including app distribution channels, network infrastructure, malicious behaviors, and abused third-party and payment services. Our work has revealed a number of covert distribution channels, the unique characteristics of gambling apps, and the abused fourth-party payment services. Finally, we propose a “guilt-by-association” expansion method to identify new suspicious gambling services, which helps us further identify over 140K suspicious gambling domains and over 57K gambling app candidates. Our study demonstrates the urgency for detecting and regulating illegal gambling apps.


    Published In

    WWW '21: Proceedings of the Web Conference 2021
    April 2021
    4054 pages
    ISBN:9781450383127
    DOI:10.1145/3442381


    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    WWW '21
    WWW '21: The Web Conference 2021
    April 19 - 23, 2021
    Ljubljana, Slovenia

    Acceptance Rates

    Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

    Cited By

    • (2024) CAKGC: A Clustering Method of Cybercrime Assets Knowledge Graph Based on Feature Fusion. Advanced Intelligent Computing Technology and Applications. 10.1007/978-981-97-5606-3_15 (168-185). Online publication date: 30-Jul-2024
    • (2024) An Illegal Website Family Discovery Method Based on Association Graph Clustering. Knowledge Science, Engineering and Management. 10.1007/978-981-97-5498-4_13 (164-178). Online publication date: 27-Jul-2024
    • (2023) A study of china's censorship and its evasion through the lens of online gaming. Proceedings of the 32nd USENIX Conference on Security Symposium. 10.5555/3620237.3620383 (2599-2616). Online publication date: 9-Aug-2023
    • (2023) Gambling harm prevention and harm reduction in online environments: a call for action. Harm Reduction Journal. 10.1186/s12954-023-00828-4, 20:1. Online publication date: 22-Jul-2023
    • (2023) DeUEDroid: Detecting Underground Economy Apps Based on UTG Similarity. Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. 10.1145/3597926.3598051 (223-235). Online publication date: 12-Jul-2023
    • (2023) Understanding and Identifying Cross-Platform UI Framework Based Potentially Unwanted Apps. GLOBECOM 2023 - 2023 IEEE Global Communications Conference. 10.1109/GLOBECOM54140.2023.10436888 (6705-6710). Online publication date: 4-Dec-2023
    • (2023) Measurement of Illegal Android Gambling App Ecosystem From Joint Promotion Perspective. 2023 IEEE 10th International Conference on Data Science and Advanced Analytics (DSAA). 10.1109/DSAA60987.2023.10302499 (1-11). Online publication date: 9-Oct-2023
    • (2023) Mobile User Interface Element Detection Via Adaptively Prompt Tuning. 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 10.1109/CVPR52729.2023.01073 (11155-11164). Online publication date: Jun-2023
    • (2023) A Security and Vulnerability Assessment on Android Gambling Applications. Computer and Communication Engineering. 10.1007/978-3-031-35299-7_9 (106-115). Online publication date: 14-Jun-2023
    • (2022) A Hybrid Multimodal Data Fusion-Based Method for Identifying Gambling Websites. Electronics. 10.3390/electronics11162489, 11:16 (2489). Online publication date: 10-Aug-2022
