Revisiting Mobile Advertising Threats with MAdLife

Online advertising is one of the primary funding sources for a wide variety of content, services, and applications on both web and mobile platforms. Mobile in-app advertising reuses many existing web technologies under the same ad-serving model (i.e., users - publishers - ad networks - advertisers). Nevertheless, mobile in-app advertising differs from traditional web advertising in many respects. For example, malicious app developers can generate fraudulent ad clicks in an automated fashion, but malicious web publishers have to launch click fraud with bots. Despite sharing the same underlying web infrastructure, advertising threats behave differently on the two platforms. Existing works have studied click fraud and malvertising separately in the mobile setting. However, it is unknown whether a relationship exists between these two dominant threats. In this paper, we present MAdLife, an ad collection framework on Android that captures all the in-app ad traffic generated during an ad's entire lifespan. MAdLife allows us to revisit both threats in a fine-grained manner and study the relationship between them. It further enables the exploration of other threats related to ad landing pages. We analyzed 5.7K Android apps crawled from the Google Play Store, and collected 83K ads and their landing pages using MAdLife. Similar to traditional web ads, 58K ads landed on web pages. We discovered 37 click-fraud apps, and found that 1.49% of the 58K ads were malicious. We also revealed a strong correlation between fraudulent apps and malicious ads. Specifically, 15.44% of malicious ads originated from the fraudulent apps. Conversely, 18.36% of the ads served in the fraudulent apps were malicious, while only 1.28% were malicious in the remaining apps. This suggests that users of fraudulent apps are much more (14x) likely to encounter malicious ads. Additionally, we discovered that 243 popular JavaScript snippets embedded by over 10% of the landing pages were malicious. Finally, we conducted the first analysis of inappropriate mobile in-app ads.
