Payment-Guard: Detecting fraudulent in-app purchases in iOS system

2021 
Abstract: As a successful business model, “in-app purchase” has gradually been adopted by a massive number of applications (Apps). Users can purchase various virtual goods in different kinds of Apps, such as a license to download movies or songs. In-app purchase helps App operators earn huge income while giving users flexibility in using Apps. Recently, iOS Apps have suffered from fraudulent purchase attacks. Attackers leverage vulnerabilities in the iOS payment system to purchase virtual goods at zero or low cost. More seriously, unscrupulous attackers publicly solicit customers and provide purchasing services, which has caused huge financial loss to business entities. It has become very important to detect fraudulent in-app purchases in iOS Apps and then take measures, such as confiscating goods, to minimize profit loss. In this paper, we propose a system called Payment-Guard to achieve this objective. It designs various features to characterize a purchase from four perspectives, namely App account behavior, device behavior, IP behavior, and the union behavior of (App account, device, IP), and then conducts detection based on these features. We perform comprehensive experiments on data collected from the “Honor of Kings” App, one of the most famous MOBA games in China, which allows players to recharge App accounts for virtual currency. Experimental results demonstrate that Payment-Guard can detect 92.2% of malicious in-app purchases with a false positive rate of only 2%.