Understanding iOS-based Crowdturfing Through Hidden UI Analysis

Abstract

A new type of malicious crowdsourcing (a.k.a., crowdturfing)clients, mobile apps with hidden crowdturfing user interface(UI), is increasingly being utilized by miscreants to coordinatecrowdturfing workers and publish mobile based crowdturfingtasks (e.g., app ranking manipulation) even on the strictly con-trolled Apple App Store. These apps hide their crowdturfingcontent behind innocent-looking UIs to bypass app vettingand infiltrate the app store. To the best of our knowledge,little has been done so far to understand this new abusiveservice, in terms of its scope, impact and techniques, not tomention any effort to identify such stealthy crowdturfing appson a large scale, particularly on the Apple platform. In thispaper, we report the first measurement study on iOS appswith hidden crowdturfing UIs. Our findings bring to light themobile-based crowdturfing ecosystem (e.g., app promotionfor worker recruitment, campaign identification) and the un-derground developers tricks (e.g., scheme, logic bomb) forevading app vetting.