# FairPlay: Fraud and Malware Detection in Google Play

**Authors:** Mahmudur Rahman, Mizanur Rahman, Bogdan Carbunar, Duen Horng Chau

arXiv: 1703.02002 · 2017-03-07

## TL;DR

FairPlay is a system that detects malware and search rank fraud in Google Play by analyzing review activities, linguistic, and behavioral signals, and it uncovers new attack campaigns and evades existing detection methods.

## Contribution

The paper introduces FairPlay, a novel detection system that combines multiple signals and a new dataset to identify fraudulent and malicious apps in Google Play.

## Key findings

- Achieves over 95% accuracy in classifying apps
- Identifies that 75% of malware apps engage in search rank fraud
- Discovers new attack campaigns involving user harassment and review manipulation

## Abstract

Fraudulent behaviors in Google Android app market fuel search rank abuse and malware proliferation. We present FairPlay, a novel system that uncovers both malware and search rank fraud apps, by picking out trails that fraudsters leave behind. To identify suspicious apps, FairPlay PCF algorithm correlates review activities and uniquely combines detected review relations with linguistic and behavioral signals gleaned from longitudinal Google Play app data. We contribute a new longitudinal app dataset to the community, which consists of over 87K apps, 2.9M reviews, and 2.4M reviewers, collected over half a year. FairPlay achieves over 95% accuracy in classifying gold standard datasets of malware, fraudulent and legitimate apps. We show that 75% of the identified malware apps engage in search rank fraud. FairPlay discovers hundreds of fraudulent apps that currently evade Google Bouncer detection technology, and reveals a new type of attack campaign, where users are harassed into writing positive reviews, and install and review other apps.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1703.02002/full.md

## Figures

12 figures with captions in the complete paper: https://tomesphere.com/paper/1703.02002/full.md

## References

30 references — full list in the complete paper: https://tomesphere.com/paper/1703.02002/full.md

---
Source: https://tomesphere.com/paper/1703.02002