Characterizing Promotional Attacks in Mobile App Store

  • Bo Sun
  • Xiapu Luo
  • Mitsuaki Akiyama
  • Takuya Watanabe
  • Tatsuya Mori
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 719)


Mobile app stores, such as Google Play, play a vital role in the ecosystem of mobile apps. When users look for an app of interest, they can acquire useful data from the app store to help them decide whether to install the app. This data includes ratings, reviews, number of installs, and the category of the app. Ratings and reviews are user-generated content (UGC) that affects the reputation of an app. Unfortunately, miscreants also exploit such channels to conduct promotional attacks (PAs) that lure victims into installing malicious apps. In this paper, we propose and develop a new system called PADetective to detect miscreants who are likely to be conducting promotional attacks. Using a dataset with 1,723 labeled samples, we demonstrate that the true positive rate of the detection model is 90%, with a false positive rate of 5.8%. We then applied PADetective to a large dataset to characterize the prevalence of PAs in the wild and found 289 K potential PA attackers who posted reviews to 21 K malicious apps.


Keywords: Mobile app store, Promotional attacks, Machine learning



A part of this work was supported by JSPS Grant-in-Aid for Scientific Research (KAKENHI) B, Grant number JP16H02832. A part of this work was also supported by a Grant for Non-Japanese Researchers from the NEC C&C Foundation and a Waseda University Grant for Special Research Projects (Project number: 2016S-055).



Copyright information

© Springer Nature Singapore Pte Ltd. 2017

Authors and Affiliations

  • Bo Sun (1)
  • Xiapu Luo (2)
  • Mitsuaki Akiyama (3)
  • Takuya Watanabe (3)
  • Tatsuya Mori (1)

  1. Department of Computer Science and Communications Engineering, Waseda University, Shinjuku, Japan
  2. Department of Computing, The Hong Kong Polytechnic University, Kowloon, Hong Kong
  3. NTT Secure Platform Laboratories, NTT Corporation, Tokyo, Japan
