Potentially Unwanted App Detection for Blockchain-based Android App Marketplace

Android is a mobile operating system with a high degree of openness, which attracts an increasing number of developers. Android application (or simply, app) marketplace provides a trusted source of apps for users and a more equitable competition environment for individual developers and commercial teams. Blockchain's advantages of decentralization and data immutability are suitable for the Android app marketplace, which is mainly characterized by openness, equality, and security. However, this may also facilitate malicious developers to publish low-quality apps to display ads or steal users' privacy for revenue. Therefore, blockchain-based app marketplaces have a strong need to identify those potentially unwanted apps (PUAs). In this paper, we first introduce our blockchain-based app marketplace model. Then, we propose a new PUA detection method, mainly based on metadata and user ratings, and they are easily accessible from blockchain-based app marketplaces. Moreover, we introduce dynamic analysis to check whether the URLs visited by the app are in malicious URL blacklists since apps with massive access to these URLs tend to affect user experience. After that, we pre-process those complex and redundant features and represent each app as an embedding. Finally, to validate the effectiveness of our method, we utilize several clustering algorithms to represent these apps as clusters and search for suspicious PUA clusters. Our study reveals several characteristics of PUA and suggests that PUAs are still present and need to be urgently removed.