Key Technologies On Security Analysis Of The Mobile Application Advertising Ecosystem

Posted on: 2019-07-04 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: F Dong
GTID: 1318330542995353 | Subject: Information security
Abstract/Summary:
In the past few years, mobile devices such as smartphones and tablets have grown explosively. Although millions of mobile apps provide rich functionality and convenience to mobile users, they also contribute to the rise of new types of security and privacy risks. Recent research suggests that mobile advertising (ad) brings in a large number of security issues. Mobile advertising is the main source of revenue for most developers and supports more than 66% of apps on the market. However, security issues such as ad fraud, malicious advertisement content, and vulnerabilities in advertisement libraries, introduced by the participants of the mobile advertising ecosystem, seriously affect the development of that ecosystem. The security analysis of the mobile application (app) advertising ecosystem has become one of the hot research directions.

The mobile app ad ecosystem mainly includes four participants: app developer, ad network, advertiser, and mobile user. The ad network provides the ad library, the developer embeds the ad library into the host app, and the advertiser delivers the ad content through the ad network. The user opens the host app, and the ad library loads and displays the ad content. The first three participants act as producers in the mobile ad ecosystem and introduce security threats in the production of advertising. Developers introduce ad fraud through aggressive use of the ad library: they create unintentional ad impressions or clicks by using tricks or fraudulent methods to obtain more advertising revenue. Ad fraud brings economic losses to advertisers and seriously affects the user experience. Advertisers launch malicious advertisements, such as pornography, gambling, and malicious links and documents, introducing ad content security issues that harm users' interests. The ad library provided by the ad network conducts malicious activities through excessive collection of user privacy data and the abuse of privacy, and also suffers from security issues such as design flaws and vulnerabilities.

Mobile ads are embedded in host apps by the developer in the form of an ad library, and the ad is requested and loaded by the function code in that library. Unlike traditional Web advertisements, mobile ads have many new features, such as running inside host apps and sharing the same permissions as the host app. Therefore, the methods of traditional Web ad security analysis cannot simply be ported to the security analysis of mobile advertisements. However, current research on the security analysis of the mobile app ad ecosystem is rather limited. In the area of ad fraud detection, a few studies address mobile app ad fraud, but they focus on either click fraud or static placement fraud and are unable to deal with emerging dynamic interactive fraud, which is more complex than existing types of fraud. Moreover, the research on static placement fraud targets the Windows Phone platform and cannot simply be transplanted to the Android platform. In the area of malicious advertisement detection, ad content includes ad display content and ad spread content, but most existing research focuses on the malicious links and files spread after clicking on the advertisement, ignoring the security of the ad display content. In the area of ad library security, the research on malicious behaviors such as privacy leakage and permission abuse by ad libraries is richer and deeper, but there is a lack of in-depth research on ad library vulnerabilities, especially on the distribution of ad library vulnerabilities across apps.

This paper sums up current research on mobile ad ecosystem security and studies ad security issues in depth from the perspectives of developers, advertisers, and ad networks, building on existing security analysis technology. For ad fraud, we propose an ad fraud detection model based on the user interface state transition graph. The model automatically runs the apps to generate the state transition graph that records app ad behaviors. We then formalize different types of ad fraud into heuristic rules and match them against the recorded ad behaviors. For malicious advertisements, we propose a security analysis model for mobile app ad life cycle content. The model applies the automatic testing techniques from the ad fraud analysis to trigger ad network traffic and extracts ad content such as advertisement pictures, texts, and links from that traffic. It then uses methods such as image recognition, OCR, and virus engines to detect malicious ad content such as pornography, gambling, and malicious links. For ad library security, especially the app security problems caused by ad library vulnerabilities, we propose an ad library vulnerability spreading analysis model based on fine-grained ad library identification and version mapping. The model identifies the versions of the ad libraries present in large-scale apps and detects vulnerabilities in those ad library versions through vulnerability detection. Finally, it detects the vulnerabilities that exist in large-scale apps through vulnerability version mapping.

The main contributions of this paper are summarized as follows:

First, for the security issue of ad fraud introduced by developers, we propose an ad fraud detection model based on the user interface state transition graph. To the best of our knowledge, we are the first to classify current common ad fraud, which includes not only existing static placement fraud but also emerging dynamic interactive fraud, into nine categories. Secondly, for triggering ad behaviors, we leverage an innovative ad-first traversal strategy to improve the efficiency of automatic app testing. For the key difficulty of ad control identification, we adopt a novel recognition method that combines the ad loading method with ad attribute features, which greatly improves recognition accuracy. Finally, we apply the model to 12,000 apps that contain different ad networks and find 335 ad fraud apps. Experimental results show that the model can accurately detect ad fraud in large-scale apps. In addition, the experiments find that ad fraud exists widely across ad networks and the major app markets, which need to pay more attention to ad fraud.

Second, we propose a security analysis model of mobile app ad life cycle content for malicious advertisements introduced by advertisers. To the best of our knowledge, we are the first to propose a method for analyzing the entire life cycle of ad content, including not only the ad spread content but also the ad display content. We also summarize six common ad content security issues. Moreover, we are the first to dissect the principle of close-button-induced fraud in ad display content, and we propose a close-button-induced fraud detection method based on the YOLOv2 algorithm. Finally, we apply the model to 36,000 apps from 52 ad networks and find 1399 (3.89%) malicious ad content apps. Experimental results show that the model can accurately detect malicious ad content in large-scale apps. Through in-depth analysis of the experimental data, we find that malicious ad content exists extensively in ad networks and is difficult to detect because of features such as dynamic generation and algorithm-based delivery. It seriously affects the safety of mobile ad ecosystems, and ad networks need to strengthen the auditing of ad content.

Third, we propose an ad library vulnerability spreading analysis model based on version mapping for the security issue introduced by integrating vulnerable ad libraries. We apply a method of identifying ad libraries based on a fuzzy hash tree; the method clusters on the characteristics of the fuzzy hash tree to identify the ad libraries in the apps. Secondly, we adopt a novel method based on dynamic traffic version features to identify the ad library version, which removes the limitation of existing methods that require official ad libraries as input for matching. We apply the model to large-scale apps to identify the version of the ad library and the vulnerabilities contained in that version. The experimental results show that 20 ad libraries and 165 versions are detected in 10,401 ad apps, of which 86.67% (143/165) of the ad library versions have vulnerabilities, and 87.3% (9080/10401) of vulnerable apps are detected by version mapping. We also find that 81.72% (7420/9080) of apps have vulnerabilities due to the use of old versions of ad libraries. The ad network should enhance the safety of the ad library, and app developers should update the app's ad library version in time to reduce the risk of app vulnerability.
Keywords/Search Tags:Mobile app, ad ecosystem, ad fraud, malicious ad, ad library vulnerability spreading analysis
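
The ad fraud detection model summarized in the abstract (a UI state transition graph matched against heuristic rules) can be sketched as follows. This is an added illustration, not code from the dissertation: the graph, the data classes and both rules are simplified assumptions, since the abstract does not list its nine fraud categories or their rule definitions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class View:
    view_id: str
    bounds: tuple            # (left, top, right, bottom) in pixels
    is_ad: bool = False
    clickable: bool = True

@dataclass
class State:
    name: str
    views: list
    in_app: bool = True      # False: browser, app store, installer, ...

def overlaps(a, b):
    return a[0] < b[2] and b[0] < a[2] and a[1] < b[3] and b[1] < a[3]

def static_rule(state):
    # Assumed static placement rule: an ad view overlaps a clickable non-ad control.
    ads = [v for v in state.views if v.is_ad]
    controls = [v for v in state.views if v.clickable and not v.is_ad]
    return [(state.name, "ad_overlaps_control", ad.view_id, c.view_id)
            for ad in ads for c in controls if overlaps(ad.bounds, c.bounds)]

def dynamic_rule(states, transitions):
    # Assumed dynamic interactive rule: in a state that shows an ad, a tap on a
    # non-ad control sends the user out of the host app.
    hits = []
    for src, view_id, dst in transitions:
        tapped = next(v for v in states[src].views if v.view_id == view_id)
        shows_ad = any(v.is_ad for v in states[src].views)
        if shows_ad and not tapped.is_ad and not states[dst].in_app:
            hits.append((src, "non_ad_tap_leaves_app", view_id, dst))
    return hits

def detect(states, transitions):
    static_hits = [hit for s in states.values() for hit in static_rule(s)]
    return static_hits + dynamic_rule(states, transitions)

# Constructed graph, as an automated UI traversal might record it.
STATES = {s.name: s for s in [
    State("main", [View("btn_play", (0, 800, 400, 900)),
                   View("banner_ad", (0, 850, 1080, 1000), is_ad=True)]),
    State("level", [View("btn_next", (300, 500, 700, 600)),
                    View("banner_ad", (0, 1700, 1080, 1850), is_ad=True)]),
    State("store", [], in_app=False),
]}
TRANSITIONS = [("main", "btn_play", "level"), ("level", "btn_next", "store")]
```

Calling `detect(STATES, TRANSITIONS)` returns one finding per rule: the banner overlapping `btn_play` on the `main` screen, and the `btn_next` tap that leaves the app from the `level` screen.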