Discovering of Alternative Marketplaces on the Web for Mobile App Security Monitoring

Massimo Guarascio¹, Ettore Ritacco¹, Francesco S. Pisani¹, Daniele Biondo², Rocco Mammoliti² and Alessandra Toma²

¹ Institute for High Performance Computing and Networking of the Italian National Research Council (ICAR - CNR), Italy
² Poste Italiane, Rome, Italy

Abstract. Brand reputation is an open issue for several companies delivering services through dedicated apps. The latter are often targeted by malicious developers who spread unauthorized (fake, malicious, obsolete or deprecated) versions through alternative distribution channels and app stores. The aim of the work is the early detection of these alternative markets advertised through social media such as Twitter or Facebook or hosted in the Dark Web. Specifically, we propose a semi-automatic approach to monitor these media and to recommend web pages that are likely to represent alternative marketplaces. The underlying predictive platform makes it possible to analyze web pages extracted from the Web and exploits an ensemble classification model to distinguish between real app stores and similar pages (i.e. blogs, forums, etc.) which can be erroneously returned by a common search engine. An experimental evaluation on a real dataset confirms the validity of the approach in terms of accuracy.

1 Introduction

Nowadays, smartphones and tablets are widespread devices used by millions of users. Their popularity is mainly due to their reduced dimensions and the availability of a wide range of useful applications provided by marketplaces and app stores. A major threat for such devices is the exposure to counterfeit apps which can compromise the security of the devices and eventually the reputation of the original developer. Indeed, unaware users might install unauthorized (e.g. fake, malicious, obsolete and deprecated) apps, which can potentially harm the device and consequently the brand reputation of the copyright owner.
There is an exponential growth of viruses and trojans able to attack commonly used devices [3]. It is quite easy to develop variants of well-known malware [2], and many popular security tools are not able to counteract common malware transformation techniques [18].

In many cases, these malicious programs are disguised as popular apps spreading via official or alternative marketplaces (e.g. Amazon app store for Android³). As an example [4], in July 2016 approximately two hundred mobile apps were diffused as an official version of the Pokémon Go game,⁴ most of which being

³ https://www.amazon.com/mobile-apps/b?ie=UTF8&node=2350149011
⁴ http://www.pokemongo.com/