Beyond App Markets: Demystifying Underground Mobile App Distribution Via Telegram
- URL: http://arxiv.org/abs/2408.03482v3
- Date: Tue, 5 Nov 2024 06:59:49 GMT
- Title: Beyond App Markets: Demystifying Underground Mobile App Distribution Via Telegram
- Authors: Yanhui Guo, Dong Wang, Liu Wang, Yongsheng Fang, Chao Wang, Minghui Yang, Tianming Liu, Haoyu Wang,
- Abstract summary: This study provides the first comprehensive exploration of the underground mobile app ecosystem on Telegram.
Our findings reveal the significant prevalence of these apps on Telegram, with the total sum of subscription user numbers promoting these apps equivalent to 1% of Telegram's user base.
Our analysis also exposes the misuse of iOS features for app distribution and the prevalence of malicious behaviors in these apps.
- Score: 23.638100691705482
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Within the thriving mobile app ecosystem ecosystem, a subset of apps provides illicit services such as gambling and pornography to pursue economic gains, collectively referred to as "underground economy apps". While previous studies have examined these apps' characteristics and identification methods, investigations into their distribution via platforms beyond app markets (like Telegram) remain scarce, which has emerged as a crucial channel for underground activities and cybercrime due to the robust encryption and user anonymity. This study provides the first comprehensive exploration of the underground mobile app ecosystem on Telegram. Overcoming the complexities of the Telegram environment, we build a novel dataset and analyze the prevalence, promotional strategies, and characteristics of these apps. Our findings reveal the significant prevalence of these apps on Telegram, with the total sum of subscription user numbers across channels promoting these apps equivalent to 1% of Telegram's user base. We find these apps primarily cater to gambling and pornography services. We uncover sophisticated promotional strategies involving complex networks of apps, websites, users, and channels, and identify significant gaps in Telegram's content moderation capabilities. Our analysis also exposes the misuse of iOS features for app distribution and the prevalence of malicious behaviors in these apps. This research not only enhances our understanding of the underground app ecosystem but also provides valuable insights for developing effective regulatory measures and protecting users from potential risks associated with these covert operations. Our findings provide implications for platform regulators, app market operators, law enforcement agencies, and cybersecurity professionals in combating the proliferation of underground apps on encrypted messaging platforms.
Related papers
- Mobile App Security Trends and Topics: An Examination of Questions From Stack Overflow [10.342268145364242]
We mine Stack Overflow for questions on mobile app security, which we analyze using quantitative and qualitative techniques.
The findings reveal that Stack Overflow is a major resource for developers seeking help with mobile app security, especially for Android apps.
Insights from this research can inform the development of tools, techniques, and resources by the research and vendor community.
arXiv Detail & Related papers (2024-09-12T10:45:45Z) - Exploring ChatGPT App Ecosystem: Distribution, Deployment and Security [3.0924093890016904]
ChatGPT has enabled third-party developers to create plugins to expand ChatGPT's capabilities.
We conduct the first comprehensive study of the ChatGPT app ecosystem, aiming to illuminate its landscape for our research community.
We uncover an uneven distribution of functionality among ChatGPT plugins, highlighting prevalent and emerging topics.
arXiv Detail & Related papers (2024-08-26T15:31:58Z) - A Comprehensive Study of Disaster Support Mobile Apps [5.997813604355405]
We conducted a detailed analysis of 45 disaster apps and 28,161 reviews on these apps.
We identified 13 key features in these apps and categorised them in to the 4 stages of disaster life cycle.
Our analysis revealed 22 topics with highest discussions being on apps alert functionality, app satisfaction and use of maps.
arXiv Detail & Related papers (2024-07-11T02:58:12Z) - Wireless Crowd Detection for Smart Overtourism Mitigation [50.031356998422815]
This chapter describes a low-cost approach to monitoring overtourism based on mobile devices' wireless activity.
The crowding sensors count the number of surrounding mobile devices, by detecting trace elements of wireless technologies.
They run detection programs for several technologies, and fingerprinting analysis results are only stored locally in an anonymized database.
arXiv Detail & Related papers (2024-02-14T13:20:24Z) - An Empirical Investigation of Personalization Factors on TikTok [77.34726150561087]
Despite the importance of TikTok's algorithm to the platform's success and content distribution, little work has been done on the empirical analysis of the algorithm.
Using a sock-puppet audit methodology with a custom algorithm developed by us, we tested and analysed the effect of the language and location used to access TikTok.
We identify that the follow-feature has the strongest influence, followed by the like-feature and video view rate.
arXiv Detail & Related papers (2022-01-28T17:40:00Z) - Relational Graph Neural Networks for Fraud Detection in a Super-App
environment [53.561797148529664]
We propose a framework of relational graph convolutional networks methods for fraudulent behaviour prevention in the financial services of a Super-App.
We use an interpretability algorithm for graph neural networks to determine the most important relations to the classification task of the users.
Our results show that there is an added value when considering models that take advantage of the alternative data of the Super-App and the interactions found in their high connectivity.
arXiv Detail & Related papers (2021-07-29T00:02:06Z) - Market-level Analysis of Government-backed COVID-19 Contact Tracing Apps [7.222710562941077]
Government and public health authorities have launched a number of contact-tracing apps to help curb the spread of the COVID-19 pandemic.
We perform the first market-level analysis of contact tracing apps.
arXiv Detail & Related papers (2020-12-20T08:43:03Z) - Urban Sensing based on Mobile Phone Data: Approaches, Applications and
Challenges [67.71975391801257]
Much concern in mobile data analysis is related to human beings and their behaviours.
This work aims to review the methods and techniques that have been implemented to discover knowledge from mobile phone data.
arXiv Detail & Related papers (2020-08-29T15:14:03Z) - Emerging App Issue Identification via Online Joint Sentiment-Topic
Tracing [66.57888248681303]
We propose a novel emerging issue detection approach named MERIT.
Based on the AOBST model, we infer the topics negatively reflected in user reviews for one app version.
Experiments on popular apps from Google Play and Apple's App Store demonstrate the effectiveness of MERIT.
arXiv Detail & Related papers (2020-08-23T06:34:05Z) - Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z) - SeMA: Extending and Analyzing Storyboards to Develop Secure Android Apps [0.0]
SeMA is a mobile app development methodology that builds on existing mobile app design artifacts such as storyboards.
An evaluation of the effectiveness of SeMA shows the methodology can detect and help prevent 49 vulnerabilities known to occur in Android apps.
arXiv Detail & Related papers (2020-01-27T20:10:52Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.