A Large-Scale Empirical Study on Industrial Fake Apps

While there have been various studies towards Android apps and their development, there is limited discussion of the broader class of apps that fall in the fake area. Fake apps and their development are distinct from official apps and belong to the mobile underground industry. Due to the lack of knowledge of the mobile underground industry, fake apps, their ecosystem and nature still remain in mystery. To fill the blank, we conduct the first systematic and comprehensive empirical study on a large-scale set of fake apps. Over 150,000 samples related to the top 50 popular apps are collected for extensive measurement. In this paper, we present discoveries from three different perspectives, namely fake sample characteristics, quantitative study on fake samples and fake authors' developing trend. Moreover, valuable domain knowledge, like fake apps' naming tendency and fake developers' evasive strategies, is then presented and confirmed with case studies, demonstrating a clear vision of fake apps and their ecosystem.

[1]  Steve Hanna,et al.  A survey of mobile malware in the wild , 2011, SPSM '11.

[2]  Heng Yin,et al.  Panorama: capturing system-wide information flow for malware detection and analysis , 2007, CCS '07.

[3]  Yajin Zhou,et al.  Detecting repackaged smartphone applications in third-party android marketplaces , 2012, CODASPY '12.

[4]  J. Crussell,et al.  Scalable Semantics-Based Detection of Similar Android Applications , 2013 .

[5]  Peng Liu,et al.  Achieving accuracy and scalability simultaneously in detecting application clones on Android markets , 2014, ICSE.

[6]  Michael Eichberg,et al.  CodeMatch: obfuscation won't conceal your repackaged app , 2017, ESEC/SIGSOFT FSE.

[7]  Lingling Fan,et al.  StoryDroid: Automated Generation of Storyboard for Android Apps , 2019, 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE).

[8]  Mario Linares Vásquez,et al.  On automatically detecting similar Android apps , 2016, 2016 IEEE 24th International Conference on Program Comprehension (ICPC).

[9]  Minhui Xue,et al.  AUSERA: Large-Scale Automated Security Risk Assessment of Global Mobile Banking Apps , 2018, ArXiv.

[10]  Hao Chen,et al.  Attack of the Clones: Detecting Cloned Applications on Android Markets , 2012, ESORICS.

[11]  Bo Li,et al.  Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach , 2017, Comput. Secur..

[12]  Minhui Xue,et al.  StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware , 2016, AsiaCCS.

[13]  Vladimir I. Levenshtein,et al.  Binary codes capable of correcting deletions, insertions, and reversals , 1965 .

[14]  Minhui Xue,et al.  Towards adversarial detection of mobile malware: poster , 2016, MobiCom.

[15]  Yang Liu,et al.  Efficiently Manifesting Asynchronous Programming Errors in Android Apps , 2018, 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[16]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[17]  Lingling Fan,et al.  Are mobile banking apps secure? what can be improved? , 2018, ESEC/SIGSOFT FSE.

[18]  Yang Liu,et al.  Large-Scale Analysis of Framework-Specific Exceptions in Android Apps , 2018, 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE).

[19]  Haoyu Wang,et al.  WuKong: a scalable and accurate two-phase approach to Android app clone detection , 2015, ISSTA.

[20]  Anthony I. Wasserman,et al.  Software engineering issues for mobile application development , 2010, FoSER '10.

[21]  Sencun Zhu,et al.  ViewDroid: towards obfuscation-resilient mobile application repackaging detection , 2014, WiSec '14.

[22]  Lingling Fan,et al.  POSTER: Accuracy vs. Time Cost: Detecting Android Malware through Pareto Ensemble Pruning , 2016, CCS.

[23]  Tao Xie,et al.  A Study of Grayware on Google Play , 2016, 2016 IEEE Security and Privacy Workshops (SPW).