You can promote, but you can't hide: large-scale abused app detection in mobile app stores

Instead of improving their apps' quality, some developers hire a group of users (called collusive attackers) to post positive ratings and reviews irrespective of the actual app quality. In this work, we aim to expose the apps whose ratings have been manipulated (or abused) by collusive attackers. Specifically, we model the relations of raters and apps as biclique communities and propose four attack signatures to identify malicious communities, where the raters are collusive attackers and the apps are abused apps. We further design a linear-time search algorithm to enumerate such communities in an app store. Our system was implemented and initially run against the Apple App Store of China on July 17, 2013. In 33 hours, our system examined 2,188 apps, with the information of millions of reviews and reviewers downloaded on the fly. It reported 108 abused apps, among which 104 apps were confirmed to be abused. Later, we ran our tool against the Apple App Stores of China, the United Kingdom, and the United States on a much larger scale. The evaluation results show that among the apps examined by our tool, abused apps accounted for 0.94%, 0.92%, and 0.57% of all the analyzed apps, respectively, in June 2013. In our latest check on Oct. 15, 2015, these ratios decreased to 0.44%, 0.70%, and 0.42%, respectively. Our algorithm can greatly narrow down the suspect list from all apps (e.g., below 1% as shown in our paper). App store vendors may then use other information to do further verification.
