ABSTRACT
Malicious activities involving Android applications are rising rapidly. As prior work on cyber-crimes suggests, we need to understand the economic incentives of the criminals to design the most effective defenses. In this paper, we investigate application plagiarism on Android markets at a large scale. We take the first step to characterize plagiarized applications and estimate their impact on the original application developers. We first crawled 265,359 free applications from 17 Android markets around the world and ran a tool to identify similar applications ("clones"). Based on the data, we examined properties of the cloned applications, including their distribution across different markets, application categories, and ad libraries. Next, we examined how cloned applications affect the original developers. We captured HTTP advertising traffic generated by mobile applications at a tier-1 US cellular carrier for 12 days. To associate each Android application with its advertising traffic, we extracted a unique advertising identifier (called the client ID) from both the applications and the network traces. We estimate a lower bound on the advertising revenue that cloned applications siphon from the original developers, and the user base that cloned applications divert from the original applications. To the best of our knowledge, this is the first large-scale study on the characteristics of cloned mobile applications and their impact on the original developers.
AdRob: examining the landscape and impact of android application plagiarism
MobiSys '13: Proceeding of the 11th annual international conference on Mobile systems, applications, and services