RacketStore: Measurements of ASO Deception in Google Play via Mobile and App Usage

Online app search optimization (ASO) platforms, which provide bulk installs and fake reviews to paying app developers in order to fraudulently boost their search rank in app stores, were shown to employ diverse and complex strategies that successfully evade state-of-the-art detection methods. In this paper we introduce RacketStore, a platform that collects data from the Android devices of participating ASO providers and regular users on their interactions with the apps they install from the Google Play Store. We present measurements from a study of 943 installs of RacketStore on 803 unique devices controlled by ASO providers and regular users. The study consists of 58,362,249 data snapshots collected from these devices, the 12,341 apps installed on them, and their 110,511,637 Google Play reviews. We reveal significant differences between ASO providers and regular users in the number and types of user accounts registered on their devices, the number of apps they review, and the intervals between the installation times of apps and their review times. We leverage these insights to introduce features that model the usage of apps and devices, and show that they can train supervised learning algorithms to detect paid app installs and fake reviews with an F1-measure of 99.72% (AUC above 0.99), and to detect devices controlled by ASO providers with an F1-measure of 95.29% (AUC = 0.95). We discuss the costs associated with evading detection by our classifiers, and the potential for app stores to use our approach to detect ASO work with privacy.
