The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud

Mobile ad fraud is a significant threat that victimizes app publishers and their users, thereby undermining the ecosystem of app markets. Prior work on detecting mobile ad fraud has focused on constructing predefined test scenarios that preclude user involvement in identifying ad fraud. However, due to their dependence on contextual testing environments, these approaches have neglected to track which app modules and which user interactions are responsible for observed ad fraud. To address these shortcomings, this paper presents the design and implementation of FraudDetective, a dynamic testing framework that identifies ad fraud activities. FraudDetective focuses on identifying fraudulent activities that originate without any user interactions. FraudDetective computes a full stack trace from an observed ad fraud activity to a user event by connecting multiple fragmented stack traces, thus generating the causal relationships between user inputs and the observed fraudulent activity. We revised the Android Open Source Project (AOSP) to emit detected ad fraud activities along with their full stack traces, which help pinpoint the app modules responsible for the observed fraud activities. We evaluate FraudDetective on 48,172 apps from the Google Play Store. FraudDetective reports that 74 apps are responsible for 34,453 ad fraud activities and finds that 98.6% of the fraudulent behaviors originate from embedded third-party ad libraries. Our evaluation demonstrates that FraudDetective is capable of accurately identifying ad fraud via reasoning based on observed suspicious behaviors without user interactions. The experimental results also yield the new insight that abusive ad service providers harness their ad libraries to actively engage in committing ad fraud.
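The stack-trace stitching idea described above can be sketched as follows. This is an added example, not code from the paper or from FraudDetective: the fragment format, the `parent` link field, the app and library package names, and the choice of `startActivity` as the suspicious sink are all assumptions made for illustration.

```python
# Constructed sample: one stack-trace fragment per thread hand-off, linked to
# the fragment that scheduled it. Field names and link scheme are assumptions.
FRAGMENTS = {
    "f1": {"parent": None, "frames": [
        "android.view.View.performClick",
        "com.example.app.MainActivity.onBannerClick",
        "java.util.concurrent.ThreadPoolExecutor.execute"]},
    "f2": {"parent": "f1", "frames": [
        "com.example.app.Net$1.run",
        "android.content.Context.startActivity"]},
    "f3": {"parent": None, "frames": [
        "android.app.Activity.onCreate",
        "com.adlib.sdk.Loader.init",
        "android.os.Handler.postDelayed"]},
    "f4": {"parent": "f3", "frames": [
        "com.adlib.sdk.Clicker$2.run",
        "android.content.Context.startActivity"]},
}
USER_EVENT_FRAMES = {"android.view.View.performClick",
                     "android.view.View.dispatchTouchEvent"}
PLATFORM_PREFIXES = ("android.", "java.", "javax.", "kotlin.")

def full_trace(fragments, leaf_id):
    """Follow parent links from the sink fragment back to its root.
    Returns (frames oldest-first, complete); complete is False when a link
    is missing or loops, so the causal chain cannot be trusted."""
    chain, seen, cur = [], set(), leaf_id
    while cur is not None and cur in fragments and cur not in seen:
        seen.add(cur)
        chain.append(fragments[cur]["frames"])
        cur = fragments[cur]["parent"]
    frames = [f for part in reversed(chain) for f in part]
    return frames, cur is None

def classify(fragments, leaf_id):
    """Return (verdict, responsible_package) for the activity at leaf_id."""
    frames, complete = full_trace(fragments, leaf_id)
    user = any(f in USER_EVENT_FRAMES for f in frames)
    # Responsible module: package of the innermost non-platform frame.
    culprit = next((f for f in reversed(frames)
                    if not f.startswith(PLATFORM_PREFIXES)), None)
    module = culprit.rsplit(".", 2)[0] if culprit else None
    if user:
        verdict = "user-initiated"
    elif complete:
        verdict = "no-user-interaction"
    else:
        verdict = "inconclusive"  # broken chain: do not flag as fraud
    return verdict, module

if __name__ == "__main__":
    for leaf in ("f2", "f4"):
        print(leaf, classify(FRAGMENTS, leaf))
```

An incomplete chain is reported as inconclusive rather than as fraud, because a missing fragment may be the one that contained the user event.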
