Understanding Illicit UI in iOS apps Through Hidden UI Analysis
- Title
- Understanding Illicit UI in iOS apps Through Hidden UI Analysis
- Author
- 이연준
- Keywords
- Measurement of malware and spam; Mobile security; Evasive apps; Underground services
- Issue Date
- 2019-10
- Publisher
- IEEE COMPUTER SOC
- Citation
- IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, Page. 1-1
- Abstract
- In Chameleon apps, benign UIs are displayed during Apple App vetting while their hidden potentially-harmful illicit UIs (PHI-UI) are revealed once they reached App Store. In this paper, we report the first systematic study on iOS Chameleon apps, which sheds light on a largely overlooked threat that the illicit activities are launched solely based on UI. Our research employed CHAMELEON-HUNTER, a new static analysis approach that determines the suspiciousness of a PHI-UI leveraging the semantic features generated from iOS app UI and metadata. The approach is based on the observation that PHI-UI not only is structurally hidden but also has notable semantic inconsistency with the benign UI. Our evaluation shows that CHAMELEON-HUNTER is highly effective, achieving 92.6% precision and 94.7% recall. From 28K Apple App Store apps, we found 142 new Chameleon apps, which were confirmed and promptly removed by Apple. Our work reveals that Chameleon apps can easily bypass the App store vetting and conduct a set of suspicious activities including collecting users' private information, swindling money with fake monetary services, and leading the user to a pirated app store, etc.
- URI
- https://ieeexplore.ieee.org/abstract/document/8888213https://repository.hanyang.ac.kr/handle/20.500.11754/121244
- ISSN
- 1545-5971; 1941-0018
- DOI
- 10.1109/TDSC.2019.2950253
- Appears in Collections:
- COLLEGE OF COMPUTING[E](소프트웨어융합대학) > COMPUTER SCIENCE(소프트웨어학부) > Articles
- Files in This Item:
There are no files associated with this item.
- Export
- RIS (EndNote)
- XLS (Excel)
- XML