Detecting Hidden Attacks through the Mobile App-Web Interfaces

Vaibhav Rastogi, Rui Shao, Yan Chen, Xiang Pan, Shihong Zou, Ryan Riley

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Mobile users are increasingly becoming targets of malware infections and scams. Some platforms, such as Android, are more open than others and are therefore easier to exploit than other platforms. In order to curb such attacks it is important to know how these attacks originate. We take a previously unexplored step in this direction and look for the answer at the interface between mobile apps and the Web. Numerous in-app advertisements work at this interface: when the user taps on an advertisement, she is led to a web page which may further redirect until the user reaches the final destination. Similarly, applications also embed web links that again lead to the outside Web. Even though the original application may not be malicious, the Web destinations that the user visits could play an important role in propagating attacks.

In order to study such attacks we develop a systematic methodology consisting of three components related to triggering web links and advertisements, detecting malware and scam campaigns, and determining the provenance of such campaigns reaching the user. We have realized this methodology through various techniques and contributions and have developed a robust, integrated system capable of running continuously without human intervention. We deployed this system for a two-month period and analyzed over 600,000 applications in the United States and in China while triggering a total of about 1.5 million links in applications to the Web. We gain a general understanding of attacks through the app-web interface as well as make several interesting findings, including a rogue antivirus scam, free iPad and iPhone scams, and advertisements propagating SMS trojans disguised as fake movie players. In broader terms, our system enables locating attacks and identifying the parties (such as specific ad networks, websites, and applications) that intentionally or unintentionally let them reach the end users and, thus, increasing accountability from these parties.
Original languageEnglish (US)
Title of host publication2016 Network and Distributed System Security Symposium (NDSS)
Place of PublicationSan Diego, Ca, USA
PublisherThe Internet
Number of pages15
ISBN (Print)189156241X
StatePublished - 2016


Dive into the research topics of 'Detecting Hidden Attacks through the Mobile App-Web Interfaces'. Together they form a unique fingerprint.

Cite this