Mobile app squatting

Yangyu Hu, Haoyu Wang, Ren He, Li Li, Gareth Tyson, Ignacio Castro, Yao Guo, Lei Wu, Guoai Xu

Research output: Chapter in Book/Report/Conference proceeding; Conference Paper; Research; peer-review

5 Citations (Scopus)

Abstract

Domain squatting, the adversarial tactic where attackers register domain names that mimic popular ones, has been observed for decades. However, there has been growing anecdotal evidence that this style of attack has spread to other domains. In this paper, we explore the presence of squatting attacks in the mobile app ecosystem. In "App Squatting", attackers release apps with identifiers (e.g., app name or package name) that are confusingly similar to those of popular apps or well-known Internet brands. This paper presents the first in-depth measurement study of app squatting showing its prevalence and implications. We first identify 11 common deformation approaches of app squatters and propose "AppCrazy", a tool for automatically generating variations of app identifiers. We have applied AppCrazy to the top-500 most popular apps in Google Play, generating 224,322 deformation keywords which we then use to test for app squatters on popular markets. Through this, we confirm the scale of the problem, identifying 10,553 squatting apps (an average of over 20 squatting apps for each legitimate one). Our investigation reveals that more than 51% of the squatting apps are malicious, with some being extremely popular (up to 10 million downloads). Meanwhile, we also find that mobile app markets have not been successful in identifying and eliminating squatting apps. Our findings demonstrate the urgency to identify and prevent app squatting abuses. To this end, we have publicly released all the identified squatting apps, as well as our tool AppCrazy.

Original language: English
Title of host publication: Proceedings of the World Wide Web Conference WWW 2020
Editors: Tie-Yan Liu, Maarten van Steen
Place of Publication: New York NY USA
Publisher: Association for Computing Machinery (ACM)
Pages: 1727-1738
Number of pages: 12
ISBN (Electronic): 9781450370233
Publication status: Published - 2020
Event: International World Wide Web Conference 2020 - Taipei, Taiwan
Duration: 20 Apr 2020 to 24 Apr 2020
Conference number: 29th
https://dl.acm.org/doi/proceedings/10.1145/3366423 (Proceedings)
https://www2020.thewebconf.org (Website)

Conference

Conference: International World Wide Web Conference 2020
Abbreviated title: WWW 2020
Country: Taiwan
City: Taipei
Period: 20/04/20 to 24/04/20

Keywords

  • Android
  • app squatting
  • fake app
  • malware
  • typosquatting
