70% of App promotions are fraudulent. Whose cake has been touched by anti-cheating?

[51CTO.com original article] At present, the mobile Internet market is developing rapidly, and mobile applications are growing rapidly. Along with this, black and gray industries are coming one after another. Cheating phenomena such as APP promotion volume brushing and O2O "wool party" order brushing continue to appear. Some media have publicly reported that 70% of APP promotion data is fake. In response to these problems, Zhang Yuping, CTO of Shumeng Technology, a senior mobile phone security technology expert with more than 10 years of experience in the field of mobile Internet security, introduced to us that the difficulty of anti-cheating technology is one aspect, and the more difficult thing is whose cake is touched.

Solve the promotion problems of mobile developers through technical means

A few years ago, Zhang Yuping and several friends discovered a strange phenomenon in the mobile Internet market: in terms of the promotion of mobile applications, the average cost of an effective App from installation to activation is generally 2-3 yuan, but the quote from most channels to App developers is often less than 1 yuan.

At that time, the channel structure was already stable, and there was no need to spend money crazily to increase market share through "price wars". Of course, no one wants to do business that loses money for a long time, so why do these channels sell at prices below cost?

[[198032]]

After analysis, they found that the counterfeiting team would use virtual machines, simulators, modified mobile phones and other means to reduce costs and create false data.

It is worth noting that the technology of the counterfeiting team has reached perfection. Not only can the device information be tampered with, but even user behavior data such as user retention and online time can be falsified to meet the developer's KPI.

The phenomenon of fraud has existed for a long time, resulting in higher promotion costs for mobile developers, inability to obtain valuable real users, and more than 90% fraud in basic data. Developers are unable to make correct decisions based on the data, and many start-ups have even lost their competitiveness and been forced out of the market.

How can mobile developers acquire valuable customers?

When it comes to technology, the principle is to capture the status of the device through technical means, identify the authenticity of the device, and curb counterfeiting.

• In order to solve the problem of fake APP promotion , it is necessary to detect channels and provide real-time data feedback within seconds. This can effectively identify virtual machines, duplications, updates, recalls and other behaviors.
• To solve the problem of fake registrations and fake accounts , as long as the authenticity of the device is accurately determined, the negative impact of advertisements and malicious information on the platform content can be eliminated.
• The problem of fake orders for discounts . Because the cost of virtual operator mobile phone numbers is relatively low, and the equipment counterfeiting technology, such as dynamically modifying equipment parameters, is very advanced, the losses caused by fake promotional offers are becoming increasingly larger. Therefore, it is particularly important to judge the authenticity of the equipment in real time and filter out fake orders.

Six terminal anti-counterfeiting technologies

The gray industry uses technology or tools to tamper with hardware information such as IMEI, MAC, device SN, Bluetooth address, IMSI, ICCID, etc. Enterprises can see many users, but the authenticity of the users is difficult to consider. In most cases, these fake users cannot be identified because the user information obtained is "real", but the validity needs to be verified. In view of this situation, Zhang Yuping introduced the following six terminal anti-counterfeiting technologies to us:

Equipment anti-counterfeiting identification

By sampling multi-dimensional hardware parameters and combining them with the massive information in the background device library, we can prevent device counterfeiting technology.

Active device information detection

Counterfeiters often hijack OS feedback and tamper with device information through software. Unlike device counterfeiting, this method is cheaper and more widely used.

The module probe program can be used to independently obtain device information without relying on operating system feedback, without being affected by any hijacking program, thus ensuring the accuracy and effectiveness of device information.

Simulator Identification

Using simulators to commit fraud is also the current trend of advanced fraud. As the simulation capabilities of simulators continue to improve, it is becoming increasingly difficult to identify simulators. Use memory address recognition technology to detect and kill known and unknown simulators.

Proxy server identification

Based on the dynamic proxy address IP library and massive terminal deployment, we can identify IP overlaps and concentrated appearances, and actively detect them, to achieve a minute-level dynamic proxy server library, and the proxy flashing mode will be identified.

Sensor status assessment

By analyzing massive amounts of data, we found that specific sensor information in mobile phones showed similar performance in groups, and cross-validated with other parameters to identify fraudulent behavior. We created models for the behavior of proximity sensors and motion sensors, and added horizontal data comparison to identify fraudsters.

Parameter compliance screening

As the mobile phone industry matures, copycat devices in the traditional sense no longer exist. Currently, even the lowest-priced mobile phones use universal chipset solutions (MTK or Huawei, Hisense).

Therefore, driven by these mobile phone chip manufacturers, verifying the validity of devices through the compliance of device information has become an important means. By performing compliance verification on the key IDs obtained and database behavior verification, various serial number devices can be blocked.

What are the difficulties in applying equipment identification technology?

When asked whether the existence of technologies such as transcoding, virtual desktops, front-end page conversion, and server-based middleware in the mobile field would cause any concerns about the future development of existing device identification technologies, Zhang Yuping said that he was asked in 2012 which technology would become mainstream, Web or Native. At that time, based on past experience, the answer was that it would be difficult for Web technology to become mainstream within five years. The reason was that the storage, computing, and graphics rendering capabilities of devices five years ago were much worse than those of today. It is difficult for ordinary application vendors to build an application suitable for PCs and mobile terminals using immature interaction methods, controls, and inefficient scripting languages.

Now, five years later, for mobile terminals, the future of Web technology is bright, but the road is tortuous and it is difficult to predict what the future will look like. First of all, standardization is still a long way off. For example, Alibaba has Weex and Tencent's mini-programs. Everyone has found that it is not easy to come up with a unified set of specifications with the same Native experience in an open and loose community. In the future, the process will still be led by non-commercial companies, and there is no hope of maturity within ten years. If it is led by a commercial company, there may still be hope, but it is only hope, because it also involves security and some specific capabilities of the local device. Interaction.

When asked whether existing technologies can be used to identify devices for some mobile applications based on HTML5 and Web technologies, Zhang Yuping said that it is still difficult at present, but some things complement each other. If one day when mobile applications built with Web technologies gain a relatively large market share, and there are still many false volumes as we are currently experiencing, then identifying false volumes will become an urgent matter, and naturally new solutions will emerge. As long as the problem exists, there will be technology providers.

Whose cake did anti-cheating move?

Zhang Yuping introduced to us that the development process of all companies is from small to large, from weak to strong, but the pace is slightly different. In this era, the more difficult the problem that can be solved by technology, the easier it is to solve, and the simpler the problem, the harder it is to solve. There is always a feeling that some links are not perfect. Zhang Yuping said that he has been a technical person for nearly 20 years and believes that there is no difficulty in technology. The difficulty is to find the right person. For example, it took half a year to recruit a person in charge of big data.

I have interviewed dozens of people and there are several reasons why they were abandoned during the recruitment process:

• At that time, I had enough ability, but not enough potential.
• The skills match, but the personal positioning is too high.
• Only know the technology but not the communication.

Compared with the difficulties of technology and recruitment, the biggest difficulty is that it affects the interests of some people. Zhang Yuping said that anti-cheating will definitely involve the interests of some people, and in the process of the company's development, it will also suffer various setbacks.

Future expectations: Every mobile device has an "ID card" in the mobile field

In the future, the most important thing to do is to enrich the use scenarios and fields of core technologies. "If you want to completely solve the problem of data fraud in the mobile Internet industry, you need to issue an ID card for every device in the mobile field." Zhang Yuping said this is also his vision.

[[198033]]

Senior mobile phone security technology expert, engaged in security research and development for more than ten years, and has more than 10 years of experience in mobile Internet security. In 2004, he began to build the first mobile terminal security research team in China. He has served as the head of the mobile security R&D team of Rising, NetQin, and Baidu. In May 2014, he participated in the creation of Digital Alliance and is currently the co-founder of Digital Alliance and serves as CTO.

If you are interested in submitting articles or seeking coverage, please contact [email protected]

[51CTO original article, please indicate the original author and source as 51CTO.com when reprinting on partner sites]