Search Rank Fraud and Malware Detection in Google Play

Introduction

Let’s face it: Google Play, with over 3 million apps, is a massive playground for both innovation and exploitation. While we enjoy entertainment, productivity, and convenience at our fingertips, not all that glitters in the Play Store is gold. Search rank fraud and malware infestations are two of the biggest threats lurking beneath the surface. But how do these work, and why should you care? Let’s dive in.

ABSTRACT: Search Rank Fraud and Malware Detection in Google Play

Fraudulent behaviors in Google Play, the most popular Android app market, fuel search rank abuse and malware proliferation. To identify malware, previous work has focused on app executable and permission analysis. In this paper, we introduce FairPlay, a novel system that discovers and leverages traces left behind by fraudsters to detect both malware and apps subjected to search rank fraud. FairPlay correlates review activities and uniquely combines detected review relations with linguistic and behavioral signals gleaned from Google Play app data (87K apps, 2.9M reviews, and 2.4M reviewers, collected over half a year), in order to identify suspicious apps. FairPlay achieves over 95% accuracy in classifying gold standard datasets of malware, fraudulent, and legitimate apps. We show that 75% of the identified malware apps engage in search rank fraud. FairPlay discovers hundreds of fraudulent apps that currently evade Google Bouncer’s detection technology. FairPlay also helped the discovery of more than 1,000 reviews, reported for 193 apps, that reveal a new type of “coercive” review campaign: users are harassed into writing positive reviews, and installing and reviewing other apps.

Existing Mechanism

Google Play filters out malware via the Bouncer mechanism. However, 12% (948) of the 7,756 Google Play apps that we examined with VirusTotal were reported as malicious by at least one antivirus program, and 2% (150) were recognized as such by at least ten programs.

Sarma et al. use risk signals taken from app permissions, such as rare critical permissions (RCP) and rare pairs of critical permissions (RPCP), to train an SVM and to inform users of the risk vs. benefit tradeoffs of apps.

Based on probabilistic generative models like Naive Bayes, Peng et al. provide a score to gauge an app’s risk.

Yerima et al. also make use of commands taken from the app executables, API requests, and features taken from the app permissions.

Disadvantages of the Existing System

  • Prior research has only examined permissions and app executables.
  • Ineffective.
  • Reduced detection rate.
  • Requires more time.

Proposed System

We propose FairPlay, a system that effectively identifies malware and fraud on Google Play. Our primary contributions are:

  • We propose and build relational, behavioral, and linguistic features that we use to train supervised learning algorithms in order to detect malware and fraud.
  • In order to model user reviewing relations, we develop the concept of co-review graphs.
  • We create PCF, an effective technique for locating temporally limited co-review pseudo-cliques, which are made up of reviewers whose co-reviewing activities significantly overlap during brief time periods.
  • We utilize the temporal dimensions of review post timings to detect suspicious review spikes that applications get. We demonstrate that a fraudster must write at least positive reviews for an app with a rating of R in order to make up for a bad review. Apps with permission request ramps and “unbalanced” review, rating, and install numbers are also flagged by us.
  • We employ linguistic and behavioral data to (i) identify authentic reviews, from which we subsequently (ii) extract malware and fraud signs indicated by the user.

Proposed System Benefits

  • This approach is based on the notion that malevolent and fraudulent activities leave traces in app stores.
  • Over 97% of fraudulent and benign applications can be correctly classified by FairPlay, and over 95% of malicious and benign apps can be correctly classified.
  • FairPlay performs noticeably better than Sarma et al.’s malware indicators. Additionally, we demonstrate that malware frequently commits search rank fraud as well: FairPlay identified over 75% of the gold standard malware applications as fraudulent after being trained on both benign and malicious apps.
  • FairPlay finds hundreds of fraudulent applications.
  • Additionally, FairPlay allowed us to identify a new kind of coercive review campaign attack in which users of the app are harassed into leaving a favorable review, and into installing and reviewing other applications.

Description of Modules for Search Rank Fraud and Malware Detection in Google Play

System Model

We create the system environment model in the project’s first module in order to assess how well our system performs against search rank fraud. We concentrate on Google Play’s Android app market ecosystem. The participants have Google accounts and include both developers and users. Developers create and upload apps, which consist of executables (also known as “apks”), a description, and a set of required permissions.

The app market makes this data public, along with the app’s install count range, size, version number, price, time of last update, the reviews and ratings it has received, its overall rating (aggregated over both reviews and ratings), and a list of “similar” applications. Every review includes a star rating that ranges from 1 to 5 and some optional text, made up of a title and a description. Google Play restricts how many app reviews may be shown. We provide examples of Google Play users and their relationships in this section.

Adversarial model

We create the adversarial model in the second module to take hostile users into account. We consider both rational fraudulent developers and malicious developers who distribute malware. Fraudulent developers try to manipulate their applications’ search ranking by, for example, hiring fraud specialists from crowdsourcing websites to submit ratings, write reviews, and generate fake installations. Although Google does not disclose the ranking algorithms for applications, it is well known that reviews, ratings, and install numbers are important factors.

Users must have a Google account, register a mobile device with that account, and install the app on the device in order to review or rate an app. Because this process makes their job more difficult, fraudsters are more inclined to reuse the same accounts across several jobs. The motivation for search rank fraud attacks is impact. Apps with better search rankings typically get more installations. This benefits both malicious developers, who maximize the effect of their malware, and fraudulent developers, who raise their income.

The Co-Review Graph (CoReG) Module

This module takes advantage of the observation that fraudsters who control a large number of accounts will reuse them across jobs. The goal is therefore to identify subsets of an app’s reviewers who have performed significant common review activity in the past. The co-review graph concept is explained, the weighted maximum clique enumeration problem is formally presented, and an effective heuristic that takes advantage of inherent constraints in fraudsters’ actions is then shown.

Let the co-review graph of an app be a graph whose nodes represent the user accounts that reviewed the app and whose undirected edges carry a weight indicating how many applications the edge’s endpoint users have reviewed in common. The co-review graph idea automatically identifies user accounts with substantial shared review activity in the past.
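The co-review graph described above can be built and searched for a dense reviewer group as follows. This is an added example, not FairPlay's code and not the PCF algorithm: the account and app names are constructed, the edge weight is assumed to count only apps other than the target, the density threshold `theta` is a hypothetical parameter, and review timestamps are ignored.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data: (reviewer account, app reviewed). Not real accounts.
REVIEWS = [
    ("f1", "X"), ("f1", "A"), ("f1", "B"), ("f1", "C"),
    ("f2", "X"), ("f2", "A"), ("f2", "B"), ("f2", "C"),
    ("f3", "X"), ("f3", "A"), ("f3", "B"), ("f3", "D"),
    ("u1", "X"), ("u1", "A"),
    ("u2", "X"), ("u2", "M"),
]

def co_review_graph(reviews, target_app):
    """Return (reviewers, {(u, v): weight}) for accounts that reviewed target_app."""
    apps_by_user = defaultdict(set)
    for user, app in reviews:
        apps_by_user[user].add(app)
    reviewers = sorted(u for u, a in apps_by_user.items() if target_app in a)
    edges = {}
    for u, v in combinations(reviewers, 2):
        # Assumption: count only *other* apps, since every pair shares target_app.
        shared = (apps_by_user[u] & apps_by_user[v]) - {target_app}
        if shared:
            edges[(u, v)] = len(shared)
    return reviewers, edges

def density(group, edges):
    """Total edge weight inside group divided by the number of account pairs."""
    pairs = list(combinations(sorted(group), 2))
    return sum(edges.get(p, 0) for p in pairs) / len(pairs)

def dense_group(reviewers, edges, theta):
    """Greedily grow a group from the heaviest edge while density stays >= theta."""
    if not edges:
        return set()
    group = set(max(edges, key=edges.get))
    if density(group, edges) < theta:
        return set()
    while True:
        rest = [r for r in reviewers if r not in group]
        best = max(rest, key=lambda r: density(group | {r}, edges), default=None)
        if best is None or density(group | {best}, edges) < theta:
            return group
        group.add(best)

if __name__ == "__main__":
    reviewers, edges = co_review_graph(REVIEWS, "X")
    print(edges, dense_group(reviewers, edges, theta=2))
```

On the sample, accounts `f1`, `f2` and `f3` form the dense group, while `u1` (one shared app) and `u2` (none) are left out because adding either would pull the group's density below `theta`.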

Reviewer Feedback (RF) Module

Genuine users of malware and fraudulent apps may describe their negative experiences in reviews. The RF module takes advantage of this observation with a two-step method: (i) detecting and filtering out fraudulent reviews, and (ii) identifying malware- and fraud-indicating feedback in the remaining reviews.

Conclusion: Search Rank Fraud and Malware Detection in Google Play

The world of apps is exciting, fast-moving, and unfortunately, vulnerable. Search rank fraud and malware in Google Play aren’t just technical issues; they’re trust issues. As users, developers, and platform providers, we each play a part in building a safer app ecosystem. Stay aware, report suspicious behavior, and always question before you click.

FAQs: Search Rank Fraud and Malware Detection in Google Play

1. How can users protect themselves from search rank fraud and malware in Google Play?

Check app permissions, avoid shady apps with exaggerated claims, and read genuine reviews.

2. What is the most common type of search rank fraud in Google Play?

Fake reviews and rating manipulation top the list, used to boost search rankings unfairly.

3. Can malware still bypass Google’s defenses?

Yes, but detection systems are getting smarter. Still, some advanced threats slip through.

4. How does Google penalize developers caught cheating?

Their apps are removed, accounts may be banned, and in serious cases, legal action is pursued.

5. Is Google Play safer than third-party app stores?

Generally, yes. Google Play has more robust vetting processes and security tools.

Thanks for reading our article on Search Rank Fraud and Malware Detection in Google Play.
