Title
VirtualSwindle: an automated attack against in-app billing on Android
Abstract
Since its introduction, Android's in-app billing service has quickly gained popularity. The in-app billing service allows users to pay for options, services, subscriptions, and virtual goods from within mobile apps themselves. In-app billing is attractive for developers because it is easy to integrate, and has the advantage that the developer does not need to be concerned with managing financial transactions. In this paper, we present the first fully-automated attack against the in-app billing service on Android. Using our prototype, we conducted a robustness study against our attack, analyzing 85 of the most popular Android apps that make use of in-app billing. We found that 60% of these apps were easily and automatically crackable. We were able to bypass highly popular and prominent games such as Angry Birds and Temple Run, each of which has millions of users. Based on our study, we developed a defensive technique that specifically counters automated attacks against in-app billing. Our technique is lightweight and can be easily added to existing applications.
Year: 2014
DOI: 10.1145/2590296.2590335
Venue: ASIACCS
Keywords: security and protection, mobile application, payment, smartphone security, app protection
Field: Internet privacy, World Wide Web, Android (operating system), Virtual goods, Computer security, Computer science, Popularity, Robustness (computer science), Financial transaction, Payment, Mobile apps
DocType: Conference
Citations: 13
PageRank: 0.68
References: 10
Authors: 3
Name
Order
Citations
PageRank
Collin Mulliner122520.56
William Robertson21762123.11
Engin Kirda35386334.12