New Way to Spot Malicious Apps: Android Malware

Malware is one of the constant threats Android users face when downloading apps from the Google Play Store, and there are several ways to combat malicious apps. There are 2.7 million apps for smartphone users to choose from, and to its credit, Google has a system called Google Bouncer that looks for and removes malicious apps. But numerous apps slip through the safety net. A system called Fairplay has been developed that searches for malicious apps in an entirely different way.

How does Fairplay work?

Instead of scanning the software code as other tools do, Fairplay follows the trails that users leave behind while fraudulently boosting ratings. By following these trails, it can spot malicious activity that commonly slips through Google’s security system.

It was noticed that users who post fraudulent reviews to boost the rankings of malicious apps tend to use the same account for a lot of different apps. Hence, once they are identified, they are easy to follow.

It is easy to see why they behave like this. To leave a review or rating on Google Play, users must have a Google account, register a mobile device to that account, and then install the app on the registered device. That makes it difficult to create lots of different accounts linked with various mobile numbers, so to make their lives easy, the malicious users tend to use just one.

The approach goes like this: first identify malicious activity, then map the accounts behind it. The researchers began by downloading all the reviews and ratings associated with all the apps newly uploaded to Google Play between October 2014 and May 2015. Traditional antivirus tools were then used, along with human experts in app fraud, to manually identify over 200 apps containing malware. This forms the dataset of malicious apps. They also asked the experts to identify the Google accounts responsible for generating fraudulent reviews, finding 15 accounts that had written fraudulent reviews for 200 apps.

From all the fraudulent activity, they selected a set of fraudulent reviews to train a machine-learning algorithm to spot others like them. Fairplay is also designed to look at other potential indicators of malicious behavior, such as the number of permissions an app asks for and how its ratings appear over time, looking in particular for suspicious spikes in rating activity.

Finally, they let the algorithm loose on the entire set of 90,000 apps newly released on the Play Store. This led to the discovery of hundreds of malicious apps that evade Google Bouncer’s detection technology.
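
The review-trail idea described above can be sketched as a simple triage heuristic. This is an added example, not Fairplay's own code: it replaces the trained classifier with two fixed rules (share of reviews from already-labelled accounts, and a one-day review spike), and all account names, app names, dates and thresholds are constructed assumptions.

```python
from collections import Counter
from datetime import date

# Constructed sample reviews: (account, app, review date). Not real data.
REVIEWS = [
    ("acct_a", "app_flash", date(2015, 3, 1)),
    ("acct_b", "app_flash", date(2015, 3, 1)),
    ("acct_c", "app_flash", date(2015, 3, 1)),
    ("acct_a", "app_clean", date(2015, 3, 2)),
    ("acct_b", "app_clean", date(2015, 3, 2)),
    ("acct_d", "app_notes", date(2015, 2, 10)),
    ("acct_e", "app_notes", date(2015, 3, 20)),
    ("acct_a", "app_torch", date(2015, 4, 5)),
    ("acct_f", "app_torch", date(2015, 4, 9)),
]
# Accounts that experts already labelled as fraudulent (constructed seed set).
SEED_FRAUD_ACCOUNTS = {"acct_a", "acct_b"}


def seed_reviewer_share(reviews, seeds):
    """Per app: fraction of its reviews written by known-fraudulent accounts."""
    total, flagged = Counter(), Counter()
    for account, app, _ in reviews:
        total[app] += 1
        flagged[app] += account in seeds  # bool counts as 0 or 1
    return {app: flagged[app] / total[app] for app in total}


def has_rating_spike(reviews, app, min_reviews=3):
    """True if min_reviews or more reviews for the app landed on a single day."""
    per_day = Counter(day for _, a, day in reviews if a == app)
    return max(per_day.values(), default=0) >= min_reviews


def suspicious_apps(reviews, seeds, share_threshold=0.6):
    """Apps dominated by seed-account reviews, or showing a one-day spike."""
    shares = seed_reviewer_share(reviews, seeds)
    return sorted(
        app for app, share in shares.items()
        if share >= share_threshold or has_rating_spike(reviews, app)
    )


if __name__ == "__main__":
    for app in suspicious_apps(REVIEWS, SEED_FRAUD_ACCOUNTS):
        print(app)
```

An app flagged this way is a candidate for closer inspection, not a verdict; in the approach described above, signals like these feed a trained classifier.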
