ARCHIVES

Our Project investigates the ecosystem of scam apps in the Android environment, uncovering their mechanisms, identifying vulnerabilities, and proposing effective countermeasures. By analyzing app behaviors and permissions, the project identifies how malicious developers embed deceptive functionalities, exploit API keys, and misuse legitimate services for fraudulent purposes. we analyzed a dataset of Android applications flagged as potentially harmful by security platforms. Using dynamic and static analysis tools, we mapped the behavior of these applications, focusing on permissions, API usage, and network communication patterns. A key finding reveals that scam apps often leverage hard-coded API keys to generate fraudulent requests, manipulate data, or access unauthorized resources. These API keys, typically extracted from the app’s source code, enable attackers to bypass authentication measures, resulting in significant security breaches. further evaluates methods to detect and mitigate these threats, including machine learning techniques for anomaly detection, code obfuscation analysis, and real-time monitoring of API traffic. Our findings suggest that a multi-layered security framework, combined with proactive monitoring by app marketplaces, can significantly reduce the prevalence of scam apps.