Understanding Illicit UI in iOS apps Through Hidden UI Analysis
- Authors
- Lee, Yeonjoon; Wang, Xueqiang; Liao, Xiaojing; Wang, Xiaofeng
- Issue Date
- Oct-2021
- Publisher
- IEEE COMPUTER SOC
- Keywords
- Measurement of malware and spam; Mobile security; Evasive apps; Underground services
- Citation
- IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, v.18, no.5, pp.2390 - 2402
- Indexed
- SCIE; SCOPUS
- Journal Title
- IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
- Volume
- 18
- Number
- 5
- Start Page
- 2390
- End Page
- 2402
- URI
- https://scholarworks.bwise.kr/erica/handle/2021.sw.erica/2293
- DOI
- 10.1109/TDSC.2019.2950253
- ISSN
- 1545-5971
- Abstract
- In Chameleon apps, benign UIs are displayed during Apple App vetting while their hidden potentially-harmful illicit UIs (PHI-UI) are revealed once they reach the App Store. In this paper, we report the first systematic study on iOS Chameleon apps, which sheds light on a largely overlooked threat that the illicit activities are launched solely based on UI. Our research employed CHAMELEON-HUNTER, a new static analysis approach that determines the suspiciousness of a PHI-UI leveraging the semantic features generated from iOS app UI and metadata. The approach is based on the observation that PHI-UI not only is structurally hidden but also has notable semantic inconsistency with the benign UI. Our evaluation shows that CHAMELEON-HUNTER is highly effective, achieving 92.6% precision and 94.7% recall. From 28K Apple App Store apps, we found 142 new Chameleon apps, which were confirmed and promptly removed by Apple. Our work reveals that Chameleon apps can easily bypass the App Store vetting and conduct a set of suspicious activities including collecting users' private information, swindling money with fake monetary services, and leading the user to a pirated app store, etc.
- Appears in Collections
- COLLEGE OF COMPUTING > ERICA Division of Computer Science > 1. Journal Articles