Smartphone advertisement is increasingly used among many applications and allows developers to obtain revenue\nthrough in-app advertising. Our study aims at identifying potential security risks of mobile-based advertising services\nwhere advertisers are charged for their advertisements on mobile applications. In the Android platform, we\nparticularly implement bot programs that can massively generate click events on advertisements on mobile\napplications and test their feasibility with eight popular advertising networks. Our experimental results show that six\nadvertising networks (75 %) out of eight are vulnerable to our attacks. To mitigate click fraud attacks, we suggest three\npossible defense mechanisms: (1) filtering out program-generated touch events; (2) identifying click fraud attacks with\nfaked advertisement banners; and (3) detecting anomalous behaviors generated by click fraud attacks. We also discuss\nwhy few companies were only willing to deploy such defense mechanisms by examining economic misincentives on\nthe mobile advertising industry.
Loading....