DOI: 10.1145/2594368.2594391

MAdFraud: investigating ad fraud in android applications

Published: 02 June 2014

Abstract

Many Android applications are distributed for free but are supported by advertisements. Ad libraries embedded in the app fetch content from the ad provider and display it on the app's user interface. The ad provider pays the developer for the ads displayed to the user and ads clicked by the user. A major threat to this ecosystem is ad fraud, where a miscreant's code fetches ads without displaying them to the user or "clicks" on ads automatically. Ad fraud has been extensively studied in the context of web advertising but has gone largely unstudied in the context of mobile advertising.
We take the first step to study mobile ad fraud perpetrated by Android apps. We identify two fraudulent ad behaviors in apps: 1) requesting ads while the app is in the background, and 2) clicking on ads without user interaction. Based on these observations, we developed an analysis tool, MAdFraud, which automatically runs many apps simultaneously in emulators to trigger and expose ad fraud. Since the formats of ad impressions and clicks vary widely between different ad providers, we develop a novel approach for automatically identifying ad impressions and clicks in three steps: building HTTP request trees, identifying ad request pages using machine learning, and detecting clicks in HTTP request trees using heuristics. We apply our methodology and tool to two datasets: 1) 130,339 apps crawled from 19 Android markets including Play and many third-party markets, and 2) 35,087 apps that likely contain malware provided by a security company. From analyzing these datasets, we find that about 30% of apps with ads make ad requests while running in the background. In addition, we find 27 apps which generate clicks without user interaction. We find that the click fraud apps attempt to remain stealthy when fabricating ad traffic by only periodically sending clicks and changing which ad provider is being targeted between installations.
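An added illustration (not the MAdFraud code) of the request-tree step and the first fraudulent behavior named in the abstract: it links constructed HTTP records into trees and flags ad-request roots issued while the app was in the background. Linking by Referer and redirect target, the `AD_HOSTS` set standing in for the paper's machine-learning classifier, and all hostnames, timestamps and function names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample records: (timestamp_s, url, referer, redirect_location)
AD = "http://ads.example-adnet.test"
FLOWS = [
    (10, AD + "/req?slot=1", None, None),
    (11, "http://cdn.example-adnet.test/banner.png", AD + "/req?slot=1", None),
    (95, AD + "/req?slot=2", None, None),
    (96, AD + "/click?id=7", AD + "/req?slot=2", "http://landing.example.test/offer"),
    (97, "http://landing.example.test/offer", None, None),
    (98, "http://api.example-app.test/sync", None, None),
]
FOREGROUND = [(0, 60)]                  # constructed: seconds the app UI was visible
AD_HOSTS = {"ads.example-adnet.test"}   # assumption: stand-in for the ML classifier


def build_trees(flows):
    """Link each request to a parent by Referer, else by an earlier redirect target."""
    nodes, by_url, roots = [], {}, []
    for ts, url, referer, location in sorted(flows, key=lambda f: f[0]):
        node = {"ts": ts, "url": url, "location": location, "children": []}
        parent = by_url.get(referer) if referer else None
        if parent is None:
            # No usable Referer: attach to the latest request that redirected here.
            parent = next((n for n in reversed(nodes) if n["location"] == url), None)
        (parent["children"] if parent else roots).append(node)
        by_url[url] = node
        nodes.append(node)
    return roots


def in_foreground(ts, intervals):
    return any(start <= ts < end for start, end in intervals)


def tree_size(node):
    return 1 + sum(tree_size(child) for child in node["children"])


def background_ad_requests(flows, intervals, ad_hosts):
    """Return (url, ts, tree_size) for ad-request roots sent while backgrounded."""
    hits = []
    for root in build_trees(flows):
        host = urlsplit(root["url"]).hostname
        if host in ad_hosts and not in_foreground(root["ts"], intervals):
            hits.append((root["url"], root["ts"], tree_size(root)))
    return hits
```

The subtree under each flagged root is the set of follow-on requests an analyst would then inspect for click behavior.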



Published In

MobiSys '14: Proceedings of the 12th annual international conference on Mobile systems, applications, and services
June 2014
410 pages
ISBN:9781450327930
DOI:10.1145/2594368

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. android
  2. app testing
  3. click fraud
  4. data mining
  5. network traffic classification
  6. online advertising

Qualifiers

  • Research-article

Conference

MobiSys'14

Acceptance Rates

MobiSys '14 Paper Acceptance Rate 25 of 185 submissions, 14%;
Overall Acceptance Rate 274 of 1,679 submissions, 16%
