Trust it or not? An empirical study of rating mechanism and its impact on Smartphone malware propagation

Abstract

Malicious applications (malware) have attracted much attention from both academia and industry. Thanks to this, common users start to install anti-malware tools to help protect their phones. However, we notice that attackers can still take advantage of some existing mechanisms to induce users to download malware and bypass anti-malware software. In this paper, we focus on the app rating mechanism on smartphones and aim to evaluate its impact on malware propagation. More specifically, we investigate how this mechanism can be maliciously used to leverage the trust levels of users and achieve particular goals (i.e., inducing users to download malware). In the evaluation, we develop a malicious rating system and conduct a study with over 400 participants. Our results indicate that such rating mechanism can affect users’ trust on app download and can be utilized to propagate malware.