Understanding In-App Ads and Detecting Hidden Attacks through the Mobile App-Web Interface

Rui Shao*, Vaibhav Rastogi, Yan Chen, Xiang Pan, Guanyu Guo, Shihong Zou, Ryan Riley

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

6 Scopus citations


Mobile users are increasingly becoming targets of malware infections and scams. In order to curb such attacks it is important to know how these attacks originate. We take a previously unexplored step in this direction. Numerous in-app advertisements work at this interface: when the user taps on the advertisement, she is led to a web page which may further redirect until the user reaches the final destination. Even though the original applications may not be malicious, the Web destinations that the user visits could play an important role in propagating attacks. We develop a systematic static analysis methodology to find ad libraries embed in applications and dynamic analysis methodology consisting of three components related to triggering web links, detecting malware and scam campaigns, and determining the provenance of such campaigns reaching the user. Our static analysis system identified 242 different ad libraries and dynamic analysis system was deployed for a two-month period and analyzed over 600,000 applications while triggering a total of about 1.5 million links in applications to the Web. We gain a general understanding of attacks through the app-web interface and make several interesting findings including a rogue antivirus scam, free iPad scams, and advertisements propagating SMS trojans.

Original languageEnglish (US)
Article number8302841
Pages (from-to)2675-2688
Number of pages14
JournalIEEE Transactions on Mobile Computing
Issue number11
StatePublished - Nov 1 2018


  • Malware
  • ad libraries
  • app-web interface

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Electrical and Electronic Engineering


Dive into the research topics of 'Understanding In-App Ads and Detecting Hidden Attacks through the Mobile App-Web Interface'. Together they form a unique fingerprint.

Cite this