Annual Computer Security Applications Conference (ACSAC) 2016

Full Program »

You Can Promote, But You Can't Hide: Large-Scale Abused App Detection in Mobile App Stores

Instead of improving their apps’ quality, some developers
hire a group of users (called collusive attackers) to post
positive ratings and reviews irrespective of the actual app
quality. In this work, we aim to expose the apps whose
ratings have been manipulated (or abused) by collusive attackers. Specifically, we model the relations of raters and
apps as biclique communities and propose four attack signatures to identify malicious communities, where the raters are
collusive attackers and the apps are abused apps. We further design a linear-time search algorithm to enumerate such
communities in an app store. Our system was implemented
and initially run against Apple App Store of China on July
17, 2013. In 33 hours, our system examined 2, 188 apps,
with the information of millions of reviews and reviewers
downloaded on the fly. It reported 108 abused apps, among
which 104 apps were confirmed to be abused. In a later time,
we ran our tool against Apple App Stores of China, United
Kingdom, and United States in a much larger scale. The
evaluation results show that among the apps examined by
our tool, abused apps account for 0.94%, 0.92%, and 0.57%
out of all the analyzed apps, respectively in June 2013. In
our latest checking on Oct. 15, 2015, these ratios decrease
to 0.44%, 0.70%, and 0.42%, respectively. Our algorithm
can greatly narrow down the suspect list from all apps (e.g.,
below 1% as shown in our paper). App store vendors may
then use other information to do further verification.

Author(s):

Zhen Xie    
The Pennsylvania State University
United States

Sencun Zhu    
The Pennsylvania State University
United States

Wenjing Wang    
Bluecoat Inc.
United States

Qing Li    
Bluecoat Inc.
United States

 

Powered by OpenConf®
Copyright©2002-2016 Zakon Group LLC