Careful About What App Promotion Ads Recommend! Detecting and Explaining Malware Promotion via App Promotion Graph

TL;DR

This paper introduces ADGPE, a novel method combining UI exploration and graph learning to detect and explain malware promoted through app ads, revealing significant risks in the app promotion ecosystem.

Contribution

The paper presents ADGPE, a new approach that automatically detects and explains malware promotion via app ads using UI exploration and graph learning techniques.

Findings

Detected malware-promoting ads with high accuracy

Revealed complex promotion mechanisms used by malware

Highlighted substantial risks in app promotion ecosystem

Abstract

In Android apps, their developers frequently place app promotion ads, namely advertisements to promote other apps. Unfortunately, the inadequate vetting of ad content allows malicious developers to exploit app promotion ads as a new distribution channel for malware. To help detect malware distributed via app promotion ads, in this paper, we propose a novel approach, named ADGPE, that synergistically integrates app user interface (UI) exploration with graph learning to automatically collect app promotion ads, detect malware promoted by these ads, and explain the promotion mechanisms employed by the detected malware. Our evaluation on 18, 627 app promotion ads demonstrates the substantial risks in the app promotion ecosystem.