Why Biting the Bait? Understanding Bait and Switch UI Dark Patterns in Mobile Apps
摘要
Mobile applications (apps) heavily rely on user interfaces (UIs) to enhance user experiences. However, despite these benefits, many UIs have been reported to incorporate deceptive practices, collectively known as dark patterns, to manipulate users’ decision-making processes. One highly manipulative pattern undermining user autonomy is the “Bait and Switch” (BnS) pattern, which initially presents bait (e.g., low-cost services) to attract users, then deceptively switches to different, often unwanted content (e.g., high-priced products or UIs that gather user personal data). Through the manipulation of user behaviors, BnS raises serious concerns related to security, privacy, financial safety, and more. A systematic identification, analysis, and understanding of BnS in mobile platforms have not yet been conducted. To bridge this gap, we propose BaitHunter – a general analytical framework for BnS. BaitHunter is driven by the key observation that BnS usually exhibits inconsistent semantics between the bait and the subsequent content. It leverages a novel combination of image processing techniques and large language models (LLMs) to capture and reason about the semantic features of app UIs. Our evaluation results demonstrate that BaitHunter is highly effective in identifying BnS, with a precision of 0.867, a recall of 0.938, and an F1-score of 0.901. We applied BaitHunter to a dataset containing 306 U.S. and 306 Chinese apps and found 774 potential instances of BnS, with 270 (44.1%) of the apps containing at least one BnS instance. Analyzing these BnS instances makes it possible to better characterize, understand how much today’s users are manipulated by the apps, and for what (illicit) purposes, e.g., unexpected data collection and use, and illicit profits for the app developers, etc.