Uncovering Download Fraud Activities in Mobile App Markets

Download fraud is a prevalent threat in mobile App markets, where fraudsters manipulate the number of downloads of Apps via various cheating approaches. Purchased fake downloads can mislead recommendation and search algorithms and further lead to a bad user experience in App markets. In this paper, we investigate the download fraud problem based on a company's App Market, which is one of the most popular Android App markets. We release a honeypot App on the App Market and purchase fake downloads from fraudster agents to track fraud activities in the wild. Based on our interaction with the fraudsters, we categorize download fraud activities into three types according to their intentions: boosting front-end downloads, optimizing App search ranking, and enhancing user acquisition and retention rates. For the download fraud aimed at optimizing App search ranking, we select, evaluate, and validate several features for identifying fake downloads based on billions of download data. To get a comprehensive understanding of download fraud, we further gather the stances of App marketers, fraudster agencies, and market operators on download fraud. The subsequent analysis and suggestions shed light on ways to mitigate download fraud in App markets and other social platforms. To the best of our knowledge, this is the first work that investigates the download fraud problem in mobile App markets.
