No Source Code? No Problem! Demystifying and Detecting Mask Apps in iOSICPCICPC Full paper
The rise of malicious mobile applications poses a significant threat to users and app stores. While iOS apps have generally been considered more secure due to strict review process and limited distribution avenues, developers have found ways to evade scrutiny by disguising malicious apps as benign “Mask Apps”. Mask Apps activate hidden functionalities after user downloads or with a trigger event. The malicious and potentially illegal hidden function within Mask Apps poses significant risks, including privacy breaches, security vulnerabilities, and harm to legitimate businesses. However, existing detection methods are ineffectively against Mask Apps developed in web or hybrid models. To address this issue, we propose Mask-Catcher, an automated approach that uses four filtering mechanisms to detect Mask Apps. Mask-Catcher leverages inconsistencies between app descriptions and user reviews, inter-app recommendation relationships, and code similarity analysis to discover and identify Mask Apps. Experimental results demonstrate that Mask-Catcher achieves high recall and precision when applied to labeled and unlabeled datasets from the Apple App Store.
Tue 16 AprDisplayed time zone: Lisbon change
14:00 - 15:30 | New Frontiers - Virtual Reality, Mobile Apps, Smart Contracts, and LLMsEarly Research Achievements (ERA) / Tool Demonstration / Research Track / at Sophia de Mello Breyner Andresen Chair(s): Sonia Haiduc Florida State University | ||
14:00 10mTalk | The Sword of Damocles: Upgradeable Smart Contract in EthereumICPCICPC Full paperVirtual-Talk Research Track Yuan Huang School of Data and Computer Science, Sun Yat-sen University, Guangzhou, China, Xiaoyuan Wu Sun Yat-sen University, Quanqi Wang Sun Yat-sen University, Ziang Qian Sun Yat-sen University, Xiangping Chen Sun Yat-sen University, Mingdong Tang Guangdong University of Foreign Studies, Zibin Zheng Sun Yat-sen University | ||
14:10 10mTalk | Collaborative Software Exploration with Multimedia Note Taking in Virtual RealityICPCICPC Full paper Research Track Adrian Hoff IT University of Copenhagen, Mircea Lungu IT University, Copenhagen, Christoph Seidl IT University of Copenhagen, Michele Lanza Software Institute - USI, Lugano Pre-print Media Attached | ||
14:20 10mTalk | No Source Code? No Problem! Demystifying and Detecting Mask Apps in iOSICPCICPC Full paper Research Track Yijun Zhao Institute of Information Engineering, Chinese Academy of Sciences, Lingjing Yu Institute of Information Engineering, Chinese Academy of Sciences, Yong Sun Institute of Information Engineering, Chinese Academy of Sciences, Qingyun Liu Institute of Information Engineering, Chinese Academy of Sciences, Bo Luo The University of Kansas Pre-print | ||
14:30 10mTalk | How do Hugging Face Models Document Datasets, Bias, and Licenses? An Empirical StudyICPCICPC Full paper Research Track Federica Pepe University of Sannio, Vittoria Nardone University of Molise, Antonio Mastropaolo Università della Svizzera italiana, Gabriele Bavota Software Institute @ Università della Svizzera Italiana, Gerardo Canfora University of Sannio, Massimiliano Di Penta University of Sannio, Italy Pre-print | ||
14:40 8mTalk | Capturing and Understanding the Drift Between Design, Implementation, and DocumentationICPCICPC ERA Paper Early Research Achievements (ERA) Joseph Romeo Software Institute - USI, Lugano, Switzerland, Marco Raglianti Software Institute - USI, Lugano, Csaba Nagy Software Institute - USI, Lugano, Michele Lanza Software Institute - USI, Lugano Pre-print | ||
14:48 8mTalk | Immersive Software Archaeology: Collaborative Exploration and Note Taking in Virtual RealityICPCICPC Tools Tool Demonstration Adrian Hoff IT University of Copenhagen, Mircea F. Lungu University of Groningen, Christoph Seidl IT University of Copenhagen, Michele Lanza Software Institute - USI, Lugano Pre-print Media Attached | ||
14:56 34mTalk | New Frontiers - Virtual Reality, Mobile Apps, Smart Contracts, and LLMs: Panel with SpeakersICPC Discussion | ||