{"title":"Revisiting Mobile Advertising Threats with MAdLife","authors":"Gong Chen, W. Meng, J. Copeland","doi":"10.1145/3308558.3313549","DOIUrl":null,"url":null,"abstract":"Online advertising is one of the primary funding sources for various of content, services, and applications on both web and mobile platforms. Mobile in-app advertising reuses many existing web technologies under the same ad-serving model (i.e., users - publishers - ad networks - advertisers). Nevertheless, mobile in-app advertising is different from the traditional web advertising in many aspects. For example, malicious app developers can generate fraudulent ad clicks in an automated fashion, but malicious web publishers have to launch click fraud with bots. In spite of using the same underlying web infrastructure, advertising threats behave differently on the two platforms. Existing works have studied separately click fraud and malvertising in the mobile setting. However, it is unknown if there exists a relationship between these two dominant threats. In this paper, we present an ad collection framework – MAdLife – on Android to capture all the in-app ad traffic generated during an ad's entire lifespan. MAdLife allows us to revisit both threats in a fine-grained manner and study the relationship between them. It further enables the exploration of other threats related to ad landing pages. We analyzed 5.7K Android apps crawled from the Google Play Store, and collected 83K ads and their landing pages using MAdLife. Similar to traditional web ads, 58K ads landed on web pages. We discovered 37 click-fraud apps, and found that 1.49% of the 58K ads were malicious. We also revealed a strong correlation between fraudulent apps and malicious ads. Specifically, 15.44% of malicious ads originated from the fraudulent apps. Conversely, 18.36% of the ads served in the fraudulent apps were malicious, while only 1.28% were malicious in the rest apps. This suggests that users of fraudulent apps are much more (14x) likely to encounter malicious ads. Additionally, we discovered that 243 popular JavaScript snippets embedded by over 10% of the landing pages were malicious. Finally, we conducted the first analysis on inappropriate mobile in-app ads.","PeriodicalId":23013,"journal":{"name":"The World Wide Web Conference","volume":"1 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2019-05-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"The World Wide Web Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3308558.3313549","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 16
Abstract
Online advertising is one of the primary funding sources for various of content, services, and applications on both web and mobile platforms. Mobile in-app advertising reuses many existing web technologies under the same ad-serving model (i.e., users - publishers - ad networks - advertisers). Nevertheless, mobile in-app advertising is different from the traditional web advertising in many aspects. For example, malicious app developers can generate fraudulent ad clicks in an automated fashion, but malicious web publishers have to launch click fraud with bots. In spite of using the same underlying web infrastructure, advertising threats behave differently on the two platforms. Existing works have studied separately click fraud and malvertising in the mobile setting. However, it is unknown if there exists a relationship between these two dominant threats. In this paper, we present an ad collection framework – MAdLife – on Android to capture all the in-app ad traffic generated during an ad's entire lifespan. MAdLife allows us to revisit both threats in a fine-grained manner and study the relationship between them. It further enables the exploration of other threats related to ad landing pages. We analyzed 5.7K Android apps crawled from the Google Play Store, and collected 83K ads and their landing pages using MAdLife. Similar to traditional web ads, 58K ads landed on web pages. We discovered 37 click-fraud apps, and found that 1.49% of the 58K ads were malicious. We also revealed a strong correlation between fraudulent apps and malicious ads. Specifically, 15.44% of malicious ads originated from the fraudulent apps. Conversely, 18.36% of the ads served in the fraudulent apps were malicious, while only 1.28% were malicious in the rest apps. This suggests that users of fraudulent apps are much more (14x) likely to encounter malicious ads. Additionally, we discovered that 243 popular JavaScript snippets embedded by over 10% of the landing pages were malicious. Finally, we conducted the first analysis on inappropriate mobile in-app ads.
在线广告是网络和移动平台上各种内容、服务和应用程序的主要资金来源之一。移动应用内广告在相同的广告服务模式下重用了许多现有的网络技术(即用户-发布商-广告网络-广告商)。然而,手机应用内广告与传统的网页广告在很多方面都有不同。例如,恶意应用开发者可以自动生成欺诈性广告点击,但恶意网络发布者必须使用机器人来进行点击欺诈。尽管使用相同的底层网络基础设施,广告威胁在两个平台上的表现却不同。现有的研究分别研究了移动环境下的点击欺诈和恶意广告。然而,这两种主要威胁之间是否存在关系尚不清楚。在本文中,我们提出了一个广告收集框架- MAdLife -在Android上捕获所有在广告的整个生命周期中产生的应用内广告流量。MAdLife允许我们以细粒度的方式重新审视这两种威胁,并研究它们之间的关系。它还可以进一步探索与广告着陆页相关的其他威胁。我们分析了从Google Play Store抓取的5.7万个Android应用,并使用MAdLife收集了8.3万个广告及其登陆页面。与传统的网络广告类似,在网页上投放了58K个广告。我们发现了37个点击欺诈应用,并发现5.8万个广告中有1.49%是恶意的。我们还发现欺诈性应用和恶意广告之间存在很强的相关性。具体来说,15.44%的恶意广告来自于欺诈性应用。相反,欺诈应用中18.36%的广告是恶意的,而在其他应用中只有1.28%的广告是恶意的。这表明欺诈性应用的用户更有可能(14倍)遇到恶意广告。此外,我们发现超过10%的登陆页面中嵌入的243个流行JavaScript片段是恶意的。最后,我们对不恰当的手机应用内广告进行了首次分析。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
