Exposing misconduct on free online platforms: a study of mobile apps, web games, and social networks

<p dir="ltr">In the contemporary digital landscape, the perceived assurances regarding safety, security, privacy, and authenticity associated with freely accessible online platforms can significantly deviate from reality due to concealed threats. This thesis is dedicated to unveiling these relatively unexplored risks within the less-investigated domains of free online platforms, including mobile applications, web games, and the well-established social network, Twitter (re-branded as X)1. Despite offering a wide array of complimentary services, these platforms remain susceptible to risks, underscoring the critical importance of exposing misconducts that have the potential to undermine user engagement and safety.</p><p dir="ltr">Our research commenced with a comprehensive analysis of free mobile applications within the Android ecosystem. We scrutinized 7,048 free Android mobile apps, conducting a meticulous examination of their dependency chains and closely inspecting third-party resources and potential malicious inclusions facilitated by implicit trust. Surprisingly, nearly 94% of these apps, boasting over 500,000 installations, retrieved resources from sources implicitly trusted by developers. Of particular concern were JavaScript codes, which introduced vulnerabilities in 92.3% of the apps under scrutiny. The identification of 1.18% of third-party resources as suspicious using VirusTotal raises significant concerns about app development practices, emphasizing the need for a thorough assessment of in-app third-party resources.</p><p dir="ltr">Expanding our research scope, this thesis delved into the realm of free web games and their websites, where we unveiled substantial privacy concerns faced by users. We compiled a dataset comprising 22 unique websites offering free web games and gathered metadata from a staggering 100,000 individual games. The identified risks encompassed various issues, including questionable third-party ads designed for revenue generation, sporadic instances of objectionable content, persistent tracking methods, and a noticeable absence of clear privacy policies. These findings underscore substantial concerns regarding privacy practices within popular web game websites.</p><p dir="ltr">Within the domain of freely accessible social platforms, Twitter has emerged as a central hub for news, politics, connections, and shared interests through the use of hashtags and tweet content. However, it contends with a notable presence of toxic content. This thesis looked into the realm of toxic Twitter profiles to develop a comprehensive understanding of their behavior. We assembled a comprehensive dataset comprising 143,000 Twitter profiles and their corresponding timeline data, spanning 293 million tweets over 16 years of platform activity.</p><p dir="ltr">Our initial analysis centered on the top 1% most toxic Twitter profiles over time, providing insights into their tweeting frequency, favored hashtags, shared URLs, profile details, and Botometer scores. This detailed examination offered a deeper understanding of the behavior exhibited by these highly toxic profiles on the platform.</p><p dir="ltr">Subsequently, our investigation explored the unique tweeting patterns exhibited by consistently toxic profiles on Twitter, profiles that adeptly evade moderation efforts. We analyzed their temporal activity, “burstiness” intervals, and churn behavior to establish the correlation between toxicity and tweeting patterns. This methodology, transferable to various online platforms, now offers an effective method for identifying persistently toxic profiles based on their posting behaviors.</p><p dir="ltr">Moreover, our focus shifted to Twitter profiles concealing polarizing agendas that appeared genuine but aimed to propagate toxicity about particular topics i.e., politics and such. Our analysis of content and activity revealed that highly diverse thematic clusters were primarily responsible for generating selective toxic content, often centering on sensitive subjects such as politics, health, and news. These clusters, designated as “on-mission” profiles, were successfully classified using a linear SVM model trained on a diverse set of profiles, achieving a remarkable 100% accuracy rate in detecting these covert “on-mission” profiles within real-world data.</p><p dir="ltr">In conclusion, this thesis has conducted a comprehensive and thorough examination of the prevalent misconduct observed across various freely accessible digital platforms. The importance of these identified risks cannot be overstated; our study has not only revealed their widespread presence but also emphasized the urgent need to strengthen user trust and safety in the digital realm. By consistently focusing our investigation on the principles of privacy, security, and genuine user interactions within this intricate and constantly evolving digital landscape, we have made substantial contributions that extend beyond individual user experiences.</p><p dir="ltr">Our commitment to transparency and knowledge dissemination has been a fundamental aspect of this research effort. We have provided unrestricted access to both the rigorously developed code and the extensive datasets that have served as the foundation of this comprehensive investigation. In an era marked by continual technological evolution, our work serves as a vital guidepost, reminding us of the persistent challenges and profound responsibilities involved in navigating this dynamic and multifaceted terrain of the digital world in general and free digital platforms in particular.</p><p dir="ltr">Looking ahead, our findings not only inform future research endeavors but also empower users and stakeholders with the insights and tools needed to navigate this ever-changing free online digital landscape confidently and securely.</p>