Abstract
Third-party apps are a major reason for the popularity and addictiveness of Facebook. Unfortunately, hackers have realized the potential of using apps for spreading malware and spam. The problem is already significant: we find that at least 13% of the apps in our dataset are malicious. So far, the research community has focused on detecting malicious posts and campaigns. In this paper, we ask the question: Given a Facebook application, can we determine whether it is malicious? Our key contribution is in developing FRAppE (Facebook's Rigorous Application Evaluator), arguably the first tool focused on detecting malicious apps on Facebook. To develop FRAppE, we use information gathered by observing the posting behavior of 111K Facebook apps seen across 2.2 million users on Facebook. First, we identify a set of features that help us distinguish malicious apps from benign ones. For example, we find that malicious apps often share names with other apps, and that they typically request fewer permissions than benign apps. Second, leveraging these distinguishing features, we show that FRAppE can detect malicious apps with 99.5% accuracy, with no false positives and a high true positive rate (95.9%). Finally, we explore the ecosystem of malicious Facebook apps and identify the mechanisms these apps use to propagate. Interestingly, we find that many apps collude and support each other: in our dataset, 1584 apps enable the viral propagation of 3723 other apps through their posts. Long term, we see FRAppE as a step toward an independent watchdog for app assessment and ranking that can warn Facebook users before they install apps.
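The abstract names two app-level features (an app sharing its name with other apps, and the number of permissions it requests) and one ecosystem-level signal (apps whose posts link to other apps, enabling their propagation). The following Python is an added illustration, not FRAppE's code: it computes those three signals over a small constructed set of app records and posts, and applies a toy rule with made-up thresholds to show how the features combine. The `App`/`Post` records, the `link_app` field, and the thresholds in `flag_candidates` are assumptions for the example; the paper's actual classifier, feature set and data format are not reproduced here.

```python
"""Added example: app-name collisions, permission counts and an app-to-app
promotion graph over constructed data. Not FRAppE's implementation."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class App:
    app_id: str
    name: str
    permissions: FrozenSet[str]   # permissions requested at install time


@dataclass(frozen=True)
class Post:
    poster_app: str               # app that made the post on the user's wall
    link_app: Optional[str]       # app the post links to (hypothetical field)


# Constructed sample data (not from the paper's dataset).
APPS: List[App] = [
    App("a1", "Free Gifts", frozenset({"publish_stream"})),
    App("a2", "Free Gifts", frozenset({"publish_stream"})),
    App("a3", "free gifts ", frozenset({"publish_stream", "email"})),
    App("a4", "Farm Quest", frozenset({"email", "user_birthday",
                                       "user_friends", "publish_stream"})),
    App("a5", "Word Puzzle", frozenset({"email", "user_friends"})),
]

POSTS: List[Post] = [
    Post("a1", "a2"), Post("a1", "a3"), Post("a2", "a1"),
    Post("a3", "a2"), Post("a4", None), Post("a5", "a5"),
]


def _norm(name: str) -> str:
    """Normalise app names so trivial case/whitespace differences collide."""
    return " ".join(name.lower().split())


def name_collision_counts(apps: List[App]) -> Dict[str, int]:
    """How many *other* apps share each app's (normalised) name."""
    counts = Counter(_norm(a.name) for a in apps)
    return {a.app_id: counts[_norm(a.name)] - 1 for a in apps}


def permission_counts(apps: List[App]) -> Dict[str, int]:
    """Number of permissions each app requests."""
    return {a.app_id: len(a.permissions) for a in apps}


def promotion_graph(posts: List[Post]) -> Dict[str, Set[str]]:
    """Directed edges poster -> promoted app, built from posts that link to a
    different app. Self-links and posts without a link are ignored."""
    graph: Dict[str, Set[str]] = defaultdict(set)
    for p in posts:
        if p.link_app is not None and p.link_app != p.poster_app:
            graph[p.poster_app].add(p.link_app)
    return dict(graph)


def promoters_and_promoted(graph: Dict[str, Set[str]]) -> Tuple[Set[str], Set[str]]:
    """Apps that promote others, and apps that are promoted by others."""
    promoters = set(graph)
    promoted: Set[str] = set()
    for targets in graph.values():
        promoted |= targets
    return promoters, promoted


def flag_candidates(apps: List[App], max_perms: int = 1) -> Set[str]:
    """Toy rule with made-up thresholds (an assumption, not the paper's model):
    flag apps that share a name with another app AND request few permissions."""
    collisions = name_collision_counts(apps)
    perms = permission_counts(apps)
    return {a.app_id for a in apps
            if collisions[a.app_id] >= 1 and perms[a.app_id] <= max_perms}


if __name__ == "__main__":
    g = promotion_graph(POSTS)
    print("name collisions:", name_collision_counts(APPS))
    print("permission counts:", permission_counts(APPS))
    print("promotion graph:", g)
    print("promoters / promoted:", promoters_and_promoted(g))
    print("flagged by toy rule:", flag_candidates(APPS))
```

The promotion graph is the piece a practitioner would extend first: counting distinct promoters and distinct promoted apps over real post data is what turns "apps collude" into the kind of figures the abstract reports (1584 apps promoting 3723 others), and the graph also exposes mutual-promotion cycles such as a1 <-> a2 above.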