DaPanda: Detecting Aggressive Push Notifications in Android Apps

Mobile push notifications are widely used on mobile platforms to deliver all sorts of information to app users. Although they offer great convenience for both app developers and mobile users, this feature has frequently been reported to serve malicious and aggressive purposes, such as delivering annoying push-notification advertisements. However, to the best of our knowledge, this problem has not been studied by our research community so far. To fill the void, this paper presents the first large-scale study to detect aggressive push notifications and characterize them in the global mobile app ecosystem. To this end, we first provide a taxonomy of mobile push notifications and identify the aggressive ones using a crowdsourcing-based method. We then propose DaPanda, a novel hybrid approach aimed at automatically detecting aggressive push notifications in Android apps. DaPanda leverages a guided testing approach to systematically trigger and record push notifications. By instrumenting the Android framework, DaPanda further collects all notification-relevant runtime information to flag the aggressive ones. Our experimental results show that DaPanda is capable of detecting different types of aggressive push notifications effectively in an automated way. Applying DaPanda to 20,000 Android apps from different app markets yields over 1,000 aggressive notifications, which have been further confirmed as true positives. Our in-depth analysis further reveals that aggressive notifications are prevalent across different markets and can manifest in every phase of the push-notification lifecycle. It is hence urgent for our community to take action to detect and mitigate apps involving aggressive push notifications.
