Mobile ads have become a major source of income, allowing developers to reach more people. Unfortunately, the ecosystem is now more vulnerable to attacks due to the lack of proper screening of these advertisements. A new study found that users who download apps through promotional advertisements have chances of being exposed to malware hundreds of times higher than those who acquire apps straight from Google Play.
Mobile apps rule the digital landscape in today’s hyper-connected society. In-app promotion ads have become very effective for app discovery and monetization. About 60% of apps now run advertisements. However, many remain unaware of the threat of malware hidden in ads.
A recent study at the NDSS Symposium 2025 highlighted the negative aspects of these ostensibly harmless advertisements.
In their presentation titled “Be Careful About What App Promotion Ads Recommend! Detecting and Explaining Malware Propagation via App Promotion,”
Shang Ma, Chaoran Chen, Shao Yang, and their colleagues examine how malevolent actors use app promotion advertisements to spread malware and present a ground-breaking detection methodology called ADGPE to counter this danger.
A Significant Threat Hidden in Plain Sight
Mobile ads have become a substantial source of income, giving developers access to wider audiences. However, attackers have been able to enter the ecosystem due to the lack of proper screening of these advertisements.
The study found that consumers who download programs through promotion ads have a higher chance of being exposed to malware than those who download apps straight from Google Play.
Millions of devices worldwide are at risk since well-known ad networks like Google AdMob, Unity Ads, and AppLovin are linked to these scams. The researchers showed that criminal developers frequently insert custom-made advertisements or alter ad libraries to spread aggressive adware, rogue security software, trojans, and fleeceware.
It is a serious cybersecurity concern since this covert strategy takes advantage of users’ faith in reliable platforms and apps.
Presenting ADGPE: A Revolutionary Approach to Malware Detection
The research team presented a solution named ADGPE, which is a revolutionary solution that combines graph learning approaches with dynamic app user interface (UI) exploration, to address this emerging threat.
This method offers unmatched insights into the app promotion ecosystem by locating, examining, and explaining the marketing strategies used by malicious apps. ADGPE can methodically investigate complex app interfaces thanks to its dynamic UI exploration mechanism. It guarantees wider detection coverage by revealing hidden app promotion adverts that conventional static analysis frequently overlooks. Additionally, by mapping the connections between apps, ad networks, and promoted content, its graph learning integration creates an extensive app promotion graph. ADGPE outperforms current methods in malware detection with an astounding 95.31% F1 score thanks to the use of sophisticated graph neural networks.
Take a Look At The Research
The researchers examined more than 18,000 app promotion advertisements and discovered important information on how malware propagates inside this ecosystem. Customized advertisements, which developers embed directly inside programs, act as controlled environments for the spread of malware. Ad library-based advertising, on the other hand, uses dynamic ad servers like AdMob and AppLovin to spread dangerous content to unsuspecting people.
These methods demonstrate how adaptable and extensive malware distributors are in the ecosystem of app promotion.
ADGPE’s analysis shows that downloading apps directly from an app promotion advertisement is not nearly as secure as downloading from the official marketplaces.
The actual implementation of ADGPE revealed a lot of hidden dangers. Trojan programs that pose as photo editors or dictionaries, for example, have been discovered to carry out harmful tasks like data theft. Similar to this, rogue security software deceitfully claimed to improve device security while pressuring users into making needless purchases, while aggressive adware used intrusive advertising tactics to gather personal information.
These findings confirm the effectiveness of ADGPE and its contribution to improving cybersecurity practices.
The Need For Collaborative Action
It is crucial to adopt collaborative efforts to safeguard the app promotion ecosystem and prevent the threats highlighted by this ground-breaking study. Ad networks need to put stronger screening procedures in place to stop users from seeing fraudulent adverts. Developers must be held responsible for the content that is advertised on their applications, guaranteeing openness and honesty in their procedures.
It’s also imperative to inform users about the dangers of app promotion ads. A safer online environment can be promoted by the industry by advising consumers to confirm app providers and depend on reliable security technologies.
An Outlook On The Future
The researchers hope to improve ADGPE by incorporating more advanced AI approaches and expanding its use to a variety of app markets, in the future.
ADGPE hopes that doing that will help cement its position as a pillar in the fight against ad-based malware and safeguarding the digital ecosystem.
