Dissecting developer policy violating apps: Characterization and detection

Author

Su Mon KYWE, Singapore Management UniversityFollow
Yingjiu LI, Singapore Management UniversityFollow
Jason HONG, Carnegie Mellon University
Yao CHENG, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

10-2016

Abstract

To ensure quality and trustworthiness of mobile apps, Google Play store imposes various developer policies. Once an app is reported for exhibiting policy-violating behaviors, it is removed from the store to protect users. Currently, Google Play store relies on mobile users’ feedbacks to identify policy violations. Our paper takes the first step towards understanding these policy-violating apps. First, we crawl 302 Android apps, which are reported in the Reddit forum by mobile users for policy violations and are later removed from the Google Play store. Second, we perform empirical analysis, which reveals that many violating behaviors have not been studied well by industry or research communities. We discover that 53% of the reported apps are either copying popular apps or violating copy-rights or trademarks of brands. Moreover, 49% of reported apps are violating ads policies by sending push notifications, adding homescreen icon and changing browser settings. Only 8% show malware-like behaviors, such as downloading malicious files to users’ mobile phones. Based on our empirical analysis results, we extract 175 features for differentiating bad apps from benign apps. Our features cover use of brand names and other keywords, third-party libraries, network activities, meta data, permissions, and suspicious API calls originated from third-party libraries. We then apply 10 machine learning classifiers on the extracted features to detect reported bad apps. Our experiment result shows that the best algorithm can detect them with 86.80% true positive rate and 13.6% false positive rate. On the other hand, the same samples of policy violating apps are detected by VirusTotal with true positive rate of 55.63% and false positive rate of 17.48%.

Keywords

Granular revocation, ABE, Cloud storage

Discipline

Information Security

Research Areas

Cybersecurity

Publication

MALWARE 2016: Proceedings of the 11th International Conference on Malicious and Unwanted Software: Fajardo, Puerto Rico, October 18-21

First Page

10

Last Page

19

ISBN

9781509045426

Identifier

10.1109/MALWARE.2016.7888725

Publisher

IEEE

City or Country

Piscataway, NJ

Citation

KYWE, Su Mon; Yingjiu LI; HONG, Jason; and CHENG, Yao. Dissecting developer policy violating apps: Characterization and detection. (2016). MALWARE 2016: Proceedings of the 11th International Conference on Malicious and Unwanted Software: Fajardo, Puerto Rico, October 18-21. 10-19.
Available at: https://ink.library.smu.edu.sg/sis_research/3381

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/MALWARE.2016.7888725