You can promote, but you can't hide: Large-scale abused app detection in mobile app stores

Zhen Xie, Sencun Zhu, Qing Li, Wenjing Wang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

Instead of improving their apps' quality, some developers hire a group of users (called collusive attackers) to post positive ratings and reviews irrespective of the actual app quality. In this work, we aim to expose the apps whose ratings have been manipulated (or abused) by collusive attackers. Specifically, we model the relations of raters and apps as biclique communities and propose four attack signatures to identify malicious communities, where the raters are collusive attackers and the apps are abused apps. We further design a linear-time search algorithm to enumerate such communities in an app store. Our system was implemented and initially run against Apple App Store of China on July 17, 2013. In 33 hours, our system examined 2,188 apps, with the information of millions of reviews and reviewers downloaded on the fly. It reported 108 abused apps, among which 104 apps were confirmed to be abused. In a later time, we ran our tool against Apple App Stores of China, United Kingdom, and United States in a much larger scale. The evaluation results show that among the apps examined by our tool, abused apps account for 0.94%, 0.92%, and 0.57% out of all the analyzed apps, respectively in June 2013. In our latest checking on Oct. 15, 2015, these ratios decrease to 0.44%, 0.70%, and 0.42%, respectively. Our algorithm can greatly narrow down the suspect list from all apps (e.g., below 1% as shown in our paper). App store vendors may then use other information to do further verification.

Original language: English (US)
Title of host publication: Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016
Publisher: Association for Computing Machinery
Pages: 374-385
Number of pages: 12
ISBN (Electronic): 9781450347716
DOIs: https://doi.org/10.1145/2991079.2991099
State: Published - Dec 5 2016
Event: 32nd Annual Computer Security Applications Conference, ACSAC 2016 - Los Angeles, United States
Duration: Dec 5 2016 to Dec 9 2016

Publication series

Name: ACM International Conference Proceeding Series
Volume: 5-9-December-2016

Other

Other: 32nd Annual Computer Security Applications Conference, ACSAC 2016
Country: United States
City: Los Angeles
Period: 12/5/16 to 12/9/16

Fingerprint

Application programs
Information use

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Xie, Z., Zhu, S., Li, Q., & Wang, W. (2016). You can promote, but you can't hide: Large-scale abused app detection in mobile app stores. In Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016 (pp. 374-385). (ACM International Conference Proceeding Series; Vol. 5-9-December-2016). Association for Computing Machinery. https://doi.org/10.1145/2991079.2991099
@inproceedings{c8e17188ec5d4b598b68ec23e7cd0078,
title = "You can promote, but you can't hide: Large-scale abused app detection in mobile app stores",
abstract = "Instead of improving their apps' quality, some developers hire a group of users (called collusive attackers) to post positive ratings and reviews irrespective of the actual app quality. In this work, we aim to expose the apps whose ratings have been manipulated (or abused) by collusive attackers. Specifically, we model the relations of raters and apps as biclique communities and propose four attack signatures to identify malicious communities, where the raters are collusive attackers and the apps are abused apps. We further design a linear-time search algorithm to enumerate such communities in an app store. Our system was implemented and initially run against Apple App Store of China on July 17, 2013. In 33 hours, our system examined 2,188 apps, with the information of millions of reviews and reviewers downloaded on the fly. It reported 108 abused apps, among which 104 apps were confirmed to be abused. In a later time, we ran our tool against Apple App Stores of China, United Kingdom, and United States in a much larger scale. The evaluation results show that among the apps examined by our tool, abused apps account for 0.94{\%}, 0.92{\%}, and 0.57{\%} out of all the analyzed apps, respectively in June 2013. In our latest checking on Oct. 15, 2015, these ratios decrease to 0.44{\%}, 0.70{\%}, and 0.42{\%}, respectively. Our algorithm can greatly narrow down the suspect list from all apps (e.g., below 1{\%} as shown in our paper). App store vendors may then use other information to do further verification.",
author = "Zhen Xie and Sencun Zhu and Qing Li and Wenjing Wang",
year = "2016",
month = "12",
day = "5",
doi = "10.1145/2991079.2991099",
language = "English (US)",
series = "ACM International Conference Proceeding Series",
publisher = "Association for Computing Machinery",
pages = "374--385",
booktitle = "Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016",

}

TY - GEN

T1 - You can promote, but you can't hide

T2 - Large-scale abused app detection in mobile app stores

AU - Xie, Zhen

AU - Zhu, Sencun

AU - Li, Qing

AU - Wang, Wenjing

PY - 2016/12/5

Y1 - 2016/12/5

N2 - Instead of improving their apps' quality, some developers hire a group of users (called collusive attackers) to post positive ratings and reviews irrespective of the actual app quality. In this work, we aim to expose the apps whose ratings have been manipulated (or abused) by collusive attackers. Specifically, we model the relations of raters and apps as biclique communities and propose four attack signatures to identify malicious communities, where the raters are collusive attackers and the apps are abused apps. We further design a linear-time search algorithm to enumerate such communities in an app store. Our system was implemented and initially run against Apple App Store of China on July 17, 2013. In 33 hours, our system examined 2,188 apps, with the information of millions of reviews and reviewers downloaded on the fly. It reported 108 abused apps, among which 104 apps were confirmed to be abused. In a later time, we ran our tool against Apple App Stores of China, United Kingdom, and United States in a much larger scale. The evaluation results show that among the apps examined by our tool, abused apps account for 0.94%, 0.92%, and 0.57% out of all the analyzed apps, respectively in June 2013. In our latest checking on Oct. 15, 2015, these ratios decrease to 0.44%, 0.70%, and 0.42%, respectively. Our algorithm can greatly narrow down the suspect list from all apps (e.g., below 1% as shown in our paper). App store vendors may then use other information to do further verification.

UR - http://www.scopus.com/inward/record.url?scp=85007583350&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85007583350&partnerID=8YFLogxK

U2 - 10.1145/2991079.2991099

DO - 10.1145/2991079.2991099

M3 - Conference contribution

AN - SCOPUS:85007583350

T3 - ACM International Conference Proceeding Series

SP - 374

EP - 385

BT - Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016

PB - Association for Computing Machinery

ER -
