Joongyum Kim scite author profile

Joongyum Kim

2Publications

7Citation Statements Received

80Citation Statements Given

How they've been cited

How they cite others

Affiliations

Kootenay Association for Science & Technology, Korea Advanced Institute of Science and Technology

Publications

Order By: Most citations

The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud

Kim¹,

Park²,

Son³

2021

View full text Add to dashboard Cite

Mobile ad fraud is a significant threat that victimizes app publishers and their users, thereby undermining the ecosystem of app markets. Prior works on detecting mobile ad fraud have focused on constructing predefined test scenarios that preclude user involvement in identifying ad fraud. However, due to their dependence on contextual testing environments, these works have neglected to track which app modules and which user interactions are responsible for observed ad fraud. To address these shortcomings, this paper presents the design and implementation of FraudDetective, a dynamic testing framework that identifies ad fraud activities. FraudDetective focuses on identifying fraudulent activities that originate without any user interactions. FraudDetective computes a full stack trace from an observed ad fraud activity to a user event by connecting fragmented multiple stack traces, thus generating the causal relationships between user inputs and the observed fraudulent activity. We revised an Android Open Source Project (AOSP) to emit detected ad fraud activities along with their full stack traces, which help pinpoint the app modules responsible for the observed fraud activities. We evaluate FraudDetective on 48,172 apps from Google Play Store. FraudDetective reports that 74 apps are responsible for 34,453 ad fraud activities and find that 98.6% of the fraudulent behaviors originate from embedded third-party ad libraries. Our evaluation demonstrates that FraudDetective is capable of accurately identifying ad fraud via reasoning based on observed suspicious behaviors without user interactions. The experimental results also yield the new insight that abusive ad service providers harness their ad libraries to actively engage in committing ad fraud.

show abstract

HearMeOut

Kim

et al. 2022

View full text Add to dashboard Cite

In South Korea, voice phishing has been proliferating with the advent of voice phishing apps: the number of annual victims had risen to 34,527 in 2020, representing financial losses of approximately 598 million USD. However, the voice phishing functionalities that these abusive apps implement are largely understudied. To this end, we analyze 1,017 voice phishing apps and reveal new phishing functionalities: outgoing call redirection, call screen overlay, and fake call voice. We find that call redirection that changes the intended recipients of victims' outgoing calls plays a critical role in facilitating voice phishing; our user study shows that 87% of the participants did not notice that their intended recipients were changed when call redirection occurred. We further investigate implementations of these fatal functionalities to distinguish their malicious behaviors from their corresponding behaviors in benign apps. We then propose HearMeOut, an Android system-level service that detects phishing behaviors that phishing apps conduct in runtime and blocks the detected behaviors. HearMeOut achieves high accuracy with no false positives or negatives in classifying phishing behaviors while exhibiting an unnoticeable latency of 0.36 ms on average. Our user study demonstrates that HearMeOut is able to prevent 100% of participants from being phished by providing active warnings. Our work facilitates a better understanding of recent voice phishing and proposes practical mitigation with recommendations for Android system changes. CCS CONCEPTS• Security and privacy → Mobile and wireless security; Malware and its mitigation; Intrusion/anomaly detection and malware mitigation; Domain-specific security and privacy architectures.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Joongyum Kim

The Abuser Inside Apps: Finding the Culprit Committing Mobile Ad Fraud

HearMeOut

Contact Info

Product

Resources

About