@inproceedings{Hu-WWW-20,
  author    = {Hu, Yangyu and Wang, Haoyu and He, Ren and Li, Li and Tyson, Gareth and Castro, Ignacio and Guo, Yao and Wu, Lei and Xu, Guoai},
  title     = {Mobile App Squatting},
  year      = {2020},
  isbn      = {9781450370233},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  url       = {https://doi.org/10.1145/3366423.3380243},
  doi       = {10.1145/3366423.3380243},
  abstract  = {Domain squatting, the adversarial tactic where attackers register domain names that mimic popular ones, has been observed for decades. However, there has been growing anecdotal evidence that this style of attack has spread to other domains. In this paper, we explore the presence of squatting attacks in the mobile app ecosystem. In ``App Squatting'', attackers release apps with identifiers (e.g., app name or package name) that are confusingly similar to those of popular apps or well-known Internet brands. This paper presents the first in-depth measurement study of app squatting showing its prevalence and implications. We first identify 11 common deformation approaches of app squatters and propose ``AppCrazy'', a tool for automatically generating variations of app identifiers. We have applied AppCrazy to the top-500 most popular apps in Google Play, generating 224,322 deformation keywords which we then use to test for app squatters on popular markets. Through this, we confirm the scale of the problem, identifying 10,553 squatting apps (an average of over 20 squatting apps for each legitimate one). Our investigation reveals that more than 51\% of the squatting apps are malicious, with some being extremely popular (up to 10 million downloads). Meanwhile, we also find that mobile app markets have not been successful in identifying and eliminating squatting apps. Our findings demonstrate the urgency to identify and prevent app squatting abuses. To this end, we have publicly released all the identified squatting apps, as well as our tool AppCrazy.},
  booktitle = {Proceedings of The Web Conference 2020},
  pages     = {1727--1738},
  numpages  = {12},
  keywords  = {Android, app squatting, malware, fake app, typosquatting},
  location  = {Taipei, Taiwan},
  series    = {WWW '20}
}