How Apps Prevent Black Market Attacks on a Fundamental Level

Search This thread

riteshchanchal

Senior Member
Jun 24, 2020
73
56
History of the Black Market

With the popularization of smartphones, black market tactics have shifted from controlling zombie computers for launching DDoS attacks and click farming on advertisements, to controlling Internet users in mobile service scenarios for monetization purposes. The rapid development of the Internet has made black market attacks adaptive to change and easy to replicate. As a result, attacks such as malicious registrations have been widely applied.

Today's apps need to continually invest in risk mitigation and security safeguards, in order to guard against automated malicious attacks from the black market.

Impact of Malicious Registrations

Malicious registration is the starting point for black market attacks. After registering various fake user accounts, attackers will seek to exploit these fake accounts to hunt for bonuses in e-commerce apps, wasting resources that are intended for genuine new users. The attackers may also use the accounts to undermine the user-generated content ecosystem via content spamming in social apps. These fake user accounts may also be exploited by malicious advertising agencies for ad traffic fraud, with the goal of extracting higher fees from advertisers. Fake users offer no real benefits to advertised apps. According to data from EverSafe Online, there are up to 8.3 million fake user attacks every day, most of which are concentrated in industries related to finance, e-commerce, and social networking.

Prevention of Malicious Registration Attacks

Attackers may implement malicious registrations through automated registration tools and user-based crowdsourcing platforms. For the former, if an app requires identity verification, a large number of malicious registration requests can be filtered out. For the latter, however, if registered accounts are resold after real users complete identity verification, it can be more difficult to identify and handle these violation accounts. Therefore, more accurate risk-related data analysis is required, which will result in higher operating costs.

HUAWEI Safety Detect: A Free Service, Open to All Developers

With regard to malicious attacks, it is crucial for apps to enhance their security capabilities, starting with the very beginning of the registration process. Safety Detect offers the UserDetect API, which helps apps check whether they are interacting with fake users via the real-time risk analysis engine. If a user is deemed suspicious or risky, they will be asked to perform a secondary verification to confirm the accuracy of detection.

Outside the Chinese mainland, Safety Detect provides users with a captcha-based verification code for secondary verification. In the Chinese mainland, the nocaptcha API on the cloud is used to obtain the user detection result. Users can proceed only after they have passed this secondary verification.

Safety Detect also provides apps with the SysIntegrity API to effectively identify fake users from simulators, enabling apps to prevent fake users from operating in Internet advertising channels. For more details, please refer to the case of Mei Ri Qing Li Da Shi.

Currently, a wide range of apps, including those in finance, e-commerce, video, and news apps, as well as browsers, have already integrated Safety Detect, and relied on it to improve risk identification and prevention capabilities. By equipping your app with Safety Detect, you can begin bolstering its security capabilities.

More cases:

l Risky URL detection

l Video security for video apps

l Credit card fraud prevention for electronic payment apps

l Reduction of malicious reviews on apps

l Enhanced app sign-in security


For more details, you can go to:

l Our official website

l Our Development Documentation page, to find the documents you need

l Reddit to join our developer discussion

l GitHub to download demos and sample codes

l Stack Overflow to solve any integration problems


Original source
 
  • Like
Reactions: irahus

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    History of the Black Market

    With the popularization of smartphones, black market tactics have shifted from controlling zombie computers for launching DDoS attacks and click farming on advertisements, to controlling Internet users in mobile service scenarios for monetization purposes. The rapid development of the Internet has made black market attacks adaptive to change and easy to replicate. As a result, attacks such as malicious registrations have been widely applied.

    Today's apps need to continually invest in risk mitigation and security safeguards, in order to guard against automated malicious attacks from the black market.

    Impact of Malicious Registrations

    Malicious registration is the starting point for black market attacks. After registering various fake user accounts, attackers will seek to exploit these fake accounts to hunt for bonuses in e-commerce apps, wasting resources that are intended for genuine new users. The attackers may also use the accounts to undermine the user-generated content ecosystem via content spamming in social apps. These fake user accounts may also be exploited by malicious advertising agencies for ad traffic fraud, with the goal of extracting higher fees from advertisers. Fake users offer no real benefits to advertised apps. According to data from EverSafe Online, there are up to 8.3 million fake user attacks every day, most of which are concentrated in industries related to finance, e-commerce, and social networking.

    Prevention of Malicious Registration Attacks

    Attackers may implement malicious registrations through automated registration tools and user-based crowdsourcing platforms. For the former, if an app requires identity verification, a large number of malicious registration requests can be filtered out. For the latter, however, if registered accounts are resold after real users complete identity verification, it can be more difficult to identify and handle these violation accounts. Therefore, more accurate risk-related data analysis is required, which will result in higher operating costs.

    HUAWEI Safety Detect: A Free Service, Open to All Developers

    With regard to malicious attacks, it is crucial for apps to enhance their security capabilities, starting with the very beginning of the registration process. Safety Detect offers the UserDetect API, which helps apps check whether they are interacting with fake users via the real-time risk analysis engine. If a user is deemed suspicious or risky, they will be asked to perform a secondary verification to confirm the accuracy of detection.

    Outside the Chinese mainland, Safety Detect provides users with a captcha-based verification code for secondary verification. In the Chinese mainland, the nocaptcha API on the cloud is used to obtain the user detection result. Users can proceed only after they have passed this secondary verification.

    Safety Detect also provides apps with the SysIntegrity API to effectively identify fake users from simulators, enabling apps to prevent fake users from operating in Internet advertising channels. For more details, please refer to the case of Mei Ri Qing Li Da Shi.

    Currently, a wide range of apps, including those in finance, e-commerce, video, and news apps, as well as browsers, have already integrated Safety Detect, and relied on it to improve risk identification and prevention capabilities. By equipping your app with Safety Detect, you can begin bolstering its security capabilities.

    More cases:

    l Risky URL detection

    l Video security for video apps

    l Credit card fraud prevention for electronic payment apps

    l Reduction of malicious reviews on apps

    l Enhanced app sign-in security


    For more details, you can go to:

    l Our official website

    l Our Development Documentation page, to find the documents you need

    l Reddit to join our developer discussion

    l GitHub to download demos and sample codes

    l Stack Overflow to solve any integration problems


    Original source
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone