Large-scale Detection And Analysis Of Traffic-Hijacking-based Fraud In Mobile App Promotion

With the advent of the mobile era and the continuous thriving of the smartphone market,the number of mobile device users has grown rapidly in today' s society,which has brought unprecedented demand to the market,leading more and more application developers investing in this industry.In order to compete for the limited attention of smartphone users,these developers have to invest heavily on mobile user acquisition campaigns.But meanwhile,this has unfortunately attracted the attention of some crim-inals.A new type of Internet fraud involving collusion between fraudulent app distrib-utors and Internet Service Providers comes into our eyes,which we would refer to as"app distribution fraud".In this new type of fraud,installation files normally down-loaded by users from victimized distributors are hijacked and replaced with packages from fraudulent distributors,imposing huge amount of promotion fees on developers as they originally do not need to pay.And we find in some cases,the original app a user intends to download can even be replaced with a completely irrelevant one,render-ing the user's device and information security at serious risks.There have been some reports and records from the Internet discussing about this kind of traffic-hijacking-based app distribution fraud,but there's a lack of in-depth systematic research about this problem,especially regarding the scope and severity of this fraudulent activity,its impact to actual world and the technical mechanisms behind scene,etc..These need to be answered.In this thesis,we have the unique opportunity to work with a major e-commerce company in China,who has about 0.2 billion monthly active users,to take a first peek at this issue.For this purpose,we have designed a crowdsourcing-based detection frame-work,which can take advantage of the company's large number of users,their wide distribution and high level of activity.We then utilize the detection framework to col-lect data on various aspects of app distribution fraud.According to the measurement results collected nationwide,we find that the app distribution fraud is very stealthy but widespread-before intervention,about 1.55%of app downloads were hijacked,af-fecting more than 75%of the cities involved in our tests.We have also discovered that there are certain patterns in app distribution fraud in terms of geographic distributions,diurnal activities,and network modes.By our estimation,app distribution fraud can cause a financial loss of 51.3 billion Chinese Yuan annually.We have carried out sev-eral iterative experiments in cooperation,and have conducted intervention after each measurement.We can see significantly drop in hijacking ratios but the results of iter-ative experiments also show that there are still constantly new fraudulent distributors joining such fraud program.This indicates there is a long-lasting online battle behind the detection and prevention of app distribution fraud.In addition to many valuable insights we have gained in the cooperation,we follow up with a series of supplemen-tal measurements on the technical mechanism of the traffic hijacking and the scope of the fraud(i.e.,behaviour under different network modes and whether other apps are also affected).We conclude that the traffic hijacking in app distribution fraud is mainly committed through HTTP redirection,and this kind of fraud also affects many other applications.