
ModZoo: A Large-Scale Study of Modded Android Apps and their Markets

Luis A. Saavedra, Hridoy S. Dutta, Alastair R. Beresford, Alice Hutchings

TL;DR

ModZoo addresses the economic and security implications of modded Android app markets by conducting the first large-scale static analysis of $146{,}162$ modded APKs from $13$ markets and matching them to Google Play counterparts. Using Apktool, keytool, and a custom ad-library safelist, the authors extract metadata, permissions, ad libraries, and IAPs, culminating in a public ModZoo dataset that enables direct modded-vs-official comparisons. They find that around $90\%$ of modded apps are modified, with significant revenue implications (e.g., pirated apps contributing to an estimated Google Play lifetime revenue of $2.28$B) and heightened user-security risks (e.g., $6.82\%$ of modded apps flagged as malicious). The study highlights how market operators monetize through ads, sponsored content, and altered ad IDs, while also revealing widespread code and permission modifications that can undermine user privacy and safety. These findings have practical impact for developers, regulators, and researchers and underscore the need for mechanisms to balance user choice with protection of developer revenues and platform integrity.

Abstract

We present the results of the first large-scale study into Android markets that offer modified or modded apps: apps whose features and functionality have been altered by a third party. We analyse over 146k (thousand) apps obtained from 13 of the most popular modded app markets. Around 90% of apps we collect are altered in some way when compared to the official counterparts on Google Play. Modifications include game cheats, such as infinite coins or lives; mainstream apps with premium features provided for free; and apps with modified advertising identifiers or excluded ads. We find the original app developers lose significant potential revenue due to: the provision of paid-for apps for free (around 5% of the apps across all markets); the free availability of premium features that require payment in the official app; and modified advertising identifiers. While some modded apps have all trackers and ads removed (3%), in general, the installation of these apps is significantly more risky for the user than the official version: modded apps are ten times more likely to be marked as malicious and often request additional permissions.
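The modded-vs-official comparison summarised above can be illustrated with a small check over two Apktool-decoded manifests and two signing-certificate fingerprints of the kind keytool prints. This is an added example, not the authors' pipeline; the manifests, fingerprints, package name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
ADMOB_KEY = "com.google.android.gms.ads.APPLICATION_ID"  # AdMob app ID meta-data key

# Constructed sample manifests, shaped like Apktool's decoded AndroidManifest.xml.
OFFICIAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="com.android.vending.BILLING"/>
  <application><meta-data android:name="com.google.android.gms.ads.APPLICATION_ID"
      android:value="ca-app-pub-1111111111111111~2222222222"/></application>
</manifest>"""
MODDED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application><meta-data android:name="com.google.android.gms.ads.APPLICATION_ID"
      android:value="ca-app-pub-9999999999999999~8888888888"/></application>
</manifest>"""
# Constructed SHA-256 certificate fingerprints (placeholders, not real signers).
OFFICIAL_CERT = "AA:" * 31 + "AA"
MODDED_CERT = "bb:" * 31 + "bb"

def manifest_facts(xml_text):
    """Extract package name, requested permissions and AdMob app ID."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    meta = {e.get(ANDROID + "name"): e.get(ANDROID + "value")
            for e in root.iter("meta-data")}
    return {"package": root.get("package"), "permissions": perms,
            "ad_id": meta.get(ADMOB_KEY)}

def normalise_fp(fp):
    """Make fingerprints comparable regardless of case and colon separators."""
    return fp.replace(":", "").strip().lower()

def compare(official_xml, modded_xml, official_cert, modded_cert):
    """Report the differences a defender would triage first."""
    o, m = manifest_facts(official_xml), manifest_facts(modded_xml)
    return {
        "same_package": o["package"] == m["package"],
        "added_permissions": sorted(m["permissions"] - o["permissions"]),
        "removed_permissions": sorted(o["permissions"] - m["permissions"]),
        "ad_id_changed": o["ad_id"] != m["ad_id"],
        "resigned": normalise_fp(official_cert) != normalise_fp(modded_cert),
    }

if __name__ == "__main__":
    for key, value in compare(OFFICIAL, MODDED, OFFICIAL_CERT, MODDED_CERT).items():
        print(f"{key}: {value}")
```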

Paper Structure (39 sections, 6 figures, 3 tables)


Figures (6)

  • Figure 1: Distribution of Google Play app categories in the modded markets and Google Play
  • Figure 2: Google Play paid apps and IAPs price CDF.
  • Figure 3: Permissions and ad library changes in code-identical and code-modded apps.
  • Figure 4: Distribution of ad libraries in original and modded apps and modded permissions.
  • Figure 5: Distribution of permissions and advertiser IDs in modded apps with ad libraries.
  • ...and 1 more figures