Characterizing Promotional Attacks in Mobile App Store

  • Conference paper
Applications and Techniques in Information Security (ATIS 2017)

Abstract

Mobile app stores, such as Google Play, play a vital role in the ecosystem of mobile apps. When users look for an app of interest, they can acquire useful data from the app store to help them decide whether to install the app. This data includes ratings, reviews, number of installs, and the category of the app. The ratings and reviews are user-generated content (UGC) that affects the reputation of an app. Unfortunately, miscreants also exploit such channels to conduct promotional attacks (PAs) that lure victims into installing malicious apps. In this paper, we propose and develop a new system called PADetective to detect miscreants who are likely to be conducting promotional attacks. Using a dataset with 1,723 labeled samples, we demonstrate that the true positive rate of the detection model is 90%, with a false positive rate of 5.8%. We then applied PADetective to a large dataset to characterize the prevalence of PAs in the wild and found 289 K potential PA attackers who posted reviews to 21 K malicious apps.

Acknowledgements

A part of this work was supported by JSPS Grant-in-Aid for Scientific Research (KAKENHI) B, Grant number JP16H02832. A part of this work was also supported by a Grant for Non-Japanese Researchers from the NEC C&C Foundation and a Waseda University Grant for Special Research Projects (Project number: 2016S-055).

Author information

Corresponding author

Correspondence to Bo Sun.

Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Sun, B., Luo, X., Akiyama, M., Watanabe, T., Mori, T. (2017). Characterizing Promotional Attacks in Mobile App Store. In: Batten, L., Kim, D., Zhang, X., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2017. Communications in Computer and Information Science, vol 719. Springer, Singapore. https://doi.org/10.1007/978-981-10-5421-1_10

  • DOI: https://doi.org/10.1007/978-981-10-5421-1_10

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-5420-4

  • Online ISBN: 978-981-10-5421-1

  • eBook Packages: Computer Science, Computer Science (R0)
