APP promotion 60% traffic by “brush” Ali original five-layer identification model against cheating
Under the environment of slowing growth of the number of mobile terminal devices and accelerating updating of competing products, Internet companies are facing huge pressure of soaring promotion costs, and the once-hot App promotion market is deeply affected.
In order to ensure the number of downloads and usage, App manufacturers usually invest huge sums of money in third-party channels to promote and attract more users. See profitable ghost, wool party, brush quantity intermediary will take advantage of the situation and enter, become the backbone of brush quantity promotion data fraud.
According to a financial report, 60 percent of the promotion budget of more than 10 million traffic will be eaten up by insiders, intermediaries and wool cliques. Industry platforms also have data on mobile fraud, which exceeded hundreds of millions of dollars in 2016. On October 11, Alibaba mobile security experts in the cloud conference “new security · new starting point” sub-forum, introduced the App traffic promotion data fraud attack and defense industry chain and reinforcement of App security protection technology.
Channel promotion cheats make half a million dollars a day
Picture: Alibaba security expert Ma Zheng in the cloud conference “new security new starting point” sub-forum speech
How did 60% of the promotional traffic budget get eaten up? Become the unspoken secret of the industry. According to Ma Zheng, a mobile security expert at Alibaba, generally speaking, App makers promote their apps in three main ways. The first is to cooperate with major channel providers, such as the major mobile app markets, and mainstream media. The second is to cooperate with mobile phone manufacturers, and the mobile phone will be pre-installed with the corresponding App. The third kind is advertising alliance, can have numerous channel resources in each stationmaster hand.
Among them, there are some behaviors of cheating by brushing, such as using third-party platforms, releasing downloading tasks, and attracting part-timers and social people to brush through commissions. The characteristics of the crowdfunding brushing are that the activated devices are all real computers, and the activation IP and location information are also different, so there are no obvious cheating characteristics, and it is difficult to identify.
There are also ways to brush the virus. That is to use malicious virus to infect mobile devices, silent installation of other promotional apps. In 2016, A domestic A-share listed company used this method to make huge profits.
The virus broke out globally from January to June 2016, with more than 1.2 million people living daily and signs of infection in many countries around the world. After capturing the virus, a security research institute conducted an experiment and found that 200 apps were installed on the infected phone within two to three hours, consuming a total of 2 gigabytes of traffic. According to the App mobile distribution of $0.5 download cost conservative estimate, the daily profit can reach $500,000, very huge profit. Similar to human brush, machine brush and other cheating brush quantity is black practitioners commonly used methods.
Drawings: forging daily activity and business data diagrams
If the real user data of App promotion products cannot be identified in time, it will bring huge waste of human and financial resources to the enterprise and make the enterprise miss the best promotion opportunity, which is directly related to the space and possibility of the long-term development of App. According to the current market analysis of App promotion, an effective installation of live streaming apps is generally 5 to 10 yuan, while the unit price of game and financial App promotion can be as high as tens of yuan. How to identify the channel cheating, reduce the loss of the company, become a crucial and urgent matter.
For securing the black, the commonly used several anti-cheating scheme including whether testing equipment has a ROOT, prison authority, collect and check whether installed the common cheating tools (such as to modify the plug-in, click on the automation of equipment information software, etc.) analysis of the specific business data, 7 retained, the custom event trigger.
However, technology is always a foot high, black anti-cheating for the traditional anti-cheating scheme has been cracked one by one, anti-process enumeration, anti-root, jailbreak detection and so on, making the industry brush cheating ash production rule and never stop. Ali security’s original five-layer identification model. After more than 10 years of precipitation and multiple double eleven baptism, can effectively identify a variety of brush cheating. How to identify channel cheating, timely stop loss, become a very important and urgent matter.
Fake App flooding user information security risks
Picture: Alibaba security expert Sun Zedou in the cloud conference “new security new starting point” sub-forum speech
The security challenges facing apps in recent years are not limited to the promotion of data fraud. In addition to the explosive growth in the overall number of apps, reverse attacks on mobile apps are becoming more sophisticated.
For example, the most popular applications on the Internet are unpacked, inserted advertisements, viruses, malicious programs and so on for “secondary packaging” re-release of counterfeit, they can obtain high profits. Low threshold, zero cost, high income, make this gray industry chain rapidly expanding.
According to the 2016 Aliju Security Annual Report analysis, 89% of popular apps that year were counterfeits. The number of counterfeits reached 12,859, an average of 54 per app, and the total number of infected devices reached 23.74 million. Among them, social applications have the highest volume of counterfeits, accounting for 53% of counterfeits, ranking first, while software piracy, SMS hijacking, hooliganism, malicious withholding of fees are the main malicious behavior of counterfeits.
Users who download these fake apps by mistake also face frequent AD harassment, lost traffic and, in serious cases, theft of passwords and personal information.
In order to solve the problem that hardened products are easy to be unhulled, code obfuscation technology has become one of the most effective ways to resist reverse attack. The average obfuscation rate is about 10% to 30%. The full obfuscation technology launched by Ali Mobile Security takes APK as the input, making the average obfuscation rate as high as 80%.
In addition, for large-scale plug-in applications, full obfuscation technology supports the confusion of APK main program and APK plug-in, and it is difficult to reverse analyze the confused program even without reinforcement, which greatly improves the security of the application.
Sun Zedu, a security expert of Alibaba, said that ali Mobile security reinforcement has adapted to more and more complex business scenarios. Through technical breakthroughs, ali mobile security has now supported various applications with hotpatch (hot deployment) function requirements, so as to ensure that even if the application uses hotpatch (hot deployment), such complicated functions, You can still use hardening to protect your code logic.
Ali gather security Ali Gather security (http://jaq.alibaba.com) produced by the Alibaba Security Department, for enterprises and developers to provide Internet business security solutions, comprehensive coverage of mobile security, data risk control, content security, real person authentication and other dimensions, and in the industry took the lead in putting forward “business-centric security”, enabling ecology, Alibaba Group and the industry to share years of precipitation of professional security ability.