Hongyu Lin (Zhejiang University), Yicheng Hu (Zhejiang University), Haitao Xu (Zhejiang University), Yanchen Lu (Zhejiang University), Mengxia Ren (Zhejiang University), Shuai Hao (Old Dominion University), Chuan Yue (Colorado School of Mines), Zhao Li (Hangzhou Yugu Technology), Fan Zhang (Zhejiang University), Yixin Jiang (Electric Power Research Institute, CSG)

Chameleon apps evade iOS App Store review by presenting legitimate functionality during submission while transforming into illicit variants post-installation. While prevalent, their underlying transformation methods and developer-user collusion dynamics remain poorly understood. Existing detection approaches, constrained by static analysis or metadata dependencies, prove ineffective against hybrid implementations, novel variants, or metadata-scarce instances. To address these limitations, we establish a curated dataset of 500 iOS Chameleon apps collected through covert distribution channels, enabling systematic identification of 10 categories of distinct transformation patterns (including 4 previously undocumented variants). Building upon these findings, we present ChameleoScan, the first LLM-driven automated UI exploration framework for reliable Chameleon app verification. The system maintains local decision interpretability while ensuring global detection consistency through its core innovation - predictive metadata analytics, semantic interface comprehension, and human-comparable interaction strategies. Comprehensive evaluation on 1,644 iOS apps demonstrates operational efficacy (9.85% detection rate, 92.59% precision), with findings formally acknowledged by Apple. Implementation and datasets are available at https://github.com/ChameleoScan.

View More Papers

DirtyFree: Simplified Data-Oriented Programming in the Linux Kernel

Yoochan Lee (Max Planck Institute for Security and Privacy), Hyuk Kwon (Theori, Inc.), Thorsten Holz (Max Planck Institute for Security and Privacy)

Read More

Trust Me, I Know This Function: Hijacking LLM Static...

Shir Bernstein (Ben-Gurion University of the Negev, Israel), David Beste (CISPA Helmholtz Center for Information Security, Germany), Daniel Ayzenshteyn (Ben-Gurion University of the Negev, Israel), Lea Schönherr (CISPA Helmholtz Center for Information Security, Germany), Yisroel Mirsky (Ben-Gurion University of the Negev, Israel)

Read More

Distributed Broadcast Encryption for Confidential Interoperability across Private Blockchains

Angelo De Caro (IBM Research Zurich), Kaoutar Elkhiyaoui (IBM Research Zurich), Sandeep Nishad (IBM Research India), Sikhar Patranabis (IBM Research India), Venkatraman Ramakrishna (IBM Research India)

Read More