ModZoo: A Large-Scale Study of Modded Android Apps and their Markets (2402.19180v2)
Abstract: We present the results of the first large-scale study into Android markets that offer modified or modded apps: apps whose features and functionality have been altered by a third party. We analyse over 146k apps obtained from 13 of the most popular modded app markets. Around 90% of the apps we collect are altered in some way when compared to their official counterparts on Google Play. Modifications include game cheats, such as infinite coins or lives; mainstream apps with premium features provided for free; and apps with modified advertising identifiers or excluded ads. We find that the original app developers lose significant potential revenue due to: the provision of paid-for apps for free (around 5% of the apps across all markets); the free availability of premium features that require payment in the official app; and modified advertising identifiers. While some modded apps have all trackers and ads removed (3%), in general, the installation of these apps is significantly riskier for the user than the official version: modded apps are ten times more likely to be marked as malicious and often request additional permissions.
Authors: Luis A. Saavedra, Hridoy S. Dutta, Alastair R. Beresford, Alice Hutchings