{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T12:01:11Z","timestamp":1768392071965,"version":"3.49.0"},"reference-count":44,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T00:00:00Z","timestamp":1768348800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T00:00:00Z","timestamp":1768348800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61972082"],"award-info":[{"award-number":["61972082"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172202"],"award-info":[{"award-number":["62172202"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>With the popularization of smartphones, red packets have been widely used in mobile apps. However, the issues of fraud associated with them have also become increasingly prominent. As reported in user reviews from mobile app markets, many users have complained about experiencing red packet fraud and being persistently troubled by fraudulent red packets. To uncover this phenomenon, we conduct the first investigation into an extensive collection of user reviews on apps with red packets. In this paper, we first propose a novel automated approach, ReckDetector, for effectively identifying apps with red packets from app markets. We then collect over 360,000 real user reviews from 334 apps with red packets available on Google Play and three popular alternative Android app markets. We preprocess the user reviews to extract those related to red packets and fine-tune a pre-trained BERT model to identify negative reviews. Finally, based on semantic analysis, we have summarized six distinct categories of red packet fraud issues reported by users. Through our study, we found that red packet fraud is highly prevalent, significantly impacting user experience and damaging the reputation of apps. Moreover, red packets have been widely exploited by unscrupulous app developers as a deceptive incentive mechanism to entice users into completing their designated tasks, thereby maximizing their profits.<\/jats:p>","DOI":"10.1186\/s42400-025-00459-1","type":"journal-article","created":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T06:53:05Z","timestamp":1768373585000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Investigating red packet fraud in android applications: insights from user reviews"],"prefix":"10.1186","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3509-736X","authenticated-orcid":false,"given":"Yu","family":"Cheng","sequence":"first","affiliation":[]},{"given":"Xiaofang","family":"Qi","sequence":"additional","affiliation":[]},{"given":"Yanhui","family":"Li","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,1,14]]},"reference":[{"key":"459_CR1","doi-asserted-by":"publisher","unstructured":"Aljedaani W, Mkaouer MW, Ludi S, et\u00a0al (2022) Automatic classification of accessibility user reviews in android apps. In: CDMA. IEEE, pp 133\u2013138, https:\/\/doi.org\/10.1109\/CDMA54072.2022.00027","DOI":"10.1109\/CDMA54072.2022.00027"},{"issue":"4","key":"459_CR2","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1109\/TMC.2020.2966991","volume":"20","author":"C Cao","year":"2021","unstructured":"Cao C, Gao Y, Luo Y et al (2021) AdSherlock: efficient and deployable click fraud detection for mobile applications. IEEE Trans Mob Comput 20(4):128\u20131297. https:\/\/doi.org\/10.1109\/TMC.2020.2966991","journal-title":"IEEE Trans Mob Comput"},{"key":"459_CR3","doi-asserted-by":"publisher","unstructured":"Chen G, Meng W, Copeland JA (2019) Revisiting mobile advertising threats with madlife. In: Liu L, White RW, Mantrach A, et\u00a0al (eds) WWW. ACM, pp 207\u201321https:\/\/doi.org\/10.1145\/3308558.3313549","DOI":"10.1145\/3308558.3313549"},{"issue":"4","key":"459_CR4","doi-asserted-by":"publisher","first-page":"3406","DOI":"10.1109\/TDSC.2023.3329205","volume":"21","author":"Z Chen","year":"2024","unstructured":"Chen Z, Wu L, Hu Y et al (2024) Lifting the grey curtain: analyzing the ecosystem of android scam apps. IEEE Trans Dependable Secur Comput 21(4):3406\u20133421. https:\/\/doi.org\/10.1109\/TDSC.2023.3329205","journal-title":"IEEE Trans Dependable Secur Comput"},{"key":"459_CR5","doi-asserted-by":"publisher","first-page":"10411","DOI":"10.1016\/j.cose.2024.104117","volume":"148","author":"Y Cheng","year":"2025","unstructured":"Cheng Y, Qi X, Li Y et al (2025) Reckdroid: detecting red packet fraud in android apps. Comput Secur 148:10411. https:\/\/doi.org\/10.1016\/j.cose.2024.104117","journal-title":"Comput Secur"},{"key":"459_CR6","unstructured":"Daily S (2016) Wechat rife with red envelope scams. http:\/\/www.szdaily.com\/content\/2016-01\/13\/content_12729530.htm"},{"key":"459_CR7","doi-asserted-by":"publisher","unstructured":"Devlin J, Chang M, Lee K, et\u00a0al (2019) BERT: pre-training of deep bidirectional transformers for language understanding. In: Burstein J, Doran C, Solorio T (eds) NAACL-HLT. Association for Computational Linguistics, pp 4171\u2013418https:\/\/doi.org\/10.18653\/v1\/n19-1423","DOI":"10.18653\/v1\/n19-1423"},{"key":"459_CR8","doi-asserted-by":"publisher","unstructured":"Dong F, Wang H, Li L, et\u00a0al (2018) FraudDroid: Automated ad fraud detection for android apps. In: Leavens GT, Garcia A, Pasareanu CS (eds) ESEC\/FSE. ACM, pp 257\u201326https:\/\/doi.org\/10.1145\/3236024.3236045","DOI":"10.1145\/3236024.3236045"},{"key":"459_CR9","unstructured":"Google (2025a) Google cloud translation. https:\/\/cloud.google.com\/translate\/docs\/overview"},{"key":"459_CR10","unstructured":"Google (2025b) Google Play Store. https:\/\/play.google.com\/store\/apps"},{"issue":"7","key":"459_CR11","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/s10664-022-10222-6","volume":"27","author":"O Haggag","year":"2022","unstructured":"Haggag O, Grundy J, Abdelrazek M et al (2022) A large scale analysis of mhealth app user reviews. Empir Softw Eng 27(7):196. https:\/\/doi.org\/10.1007\/s10664-022-10222-6","journal-title":"Empir Softw Eng"},{"key":"459_CR12","doi-asserted-by":"publisher","unstructured":"Hu Y, Wang H, He R, et\u00a0al (2020) Mobile app squatting. In: Huang Y, King I, Liu T, et\u00a0al (eds) WWW. ACM \/ IW3C2, pp 1727\u20131738,https:\/\/doi.org\/10.1145\/3366423.3380243","DOI":"10.1145\/3366423.3380243"},{"key":"459_CR13","doi-asserted-by":"publisher","unstructured":"Hu Y, Wang H, Ji T, et\u00a0al (2021a) CHAMP: characterizing undesired app behaviors from user comments based on market policies. In: ICSE. IEEE, pp 933\u201394https:\/\/doi.org\/10.1109\/ICSE43902.2021.00089","DOI":"10.1109\/ICSE43902.2021.00089"},{"issue":"3","key":"459_CR14","doi-asserted-by":"publisher","first-page":"1033","DOI":"10.1109\/TDSC.2019.2908939","volume":"18","author":"Y Hu","year":"2021","unstructured":"Hu Y, Wang H, Zhou Y et al (2021) Dating with scambots: understanding the ecosystem of fraudulent dating applications. IEEE Trans Dependable Secur Comput 18(3):1033\u2013105. https:\/\/doi.org\/10.1109\/TDSC.2019.2908939","journal-title":"IEEE Trans Dependable Secur Comput"},{"key":"459_CR15","unstructured":"Huawei (2025) Huawei Market. https:\/\/appgallery.huawei.com"},{"issue":"1","key":"459_CR16","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1109\/TMC.2020.3007260","volume":"21","author":"N Karunanayake","year":"2022","unstructured":"Karunanayake N, Rajasegaran J, Gunathillake A et al (2022) A multi-modal neural embeddings approach for detecting mobile counterfeit apps: a case study on google play store. IEEE Trans Mob Comput 21(1):16\u201330. https:\/\/doi.org\/10.1109\/TMC.2020.3007260","journal-title":"IEEE Trans Mob Comput"},{"issue":"6","key":"459_CR17","first-page":"90","volume":"1","author":"TM Kodinariya","year":"2013","unstructured":"Kodinariya TM, Makwana PR (2013) Review on determining number of cluster in k-means clustering. Int J Adv Res Comput Sci Manage Stud 1(6):90\u201395","journal-title":"Int J Adv Res Comput Sci Manage Stud"},{"issue":"4","key":"459_CR18","doi-asserted-by":"publisher","first-page":"955","DOI":"10.53106\/160792642023072404013","volume":"24","author":"W Le","year":"2023","unstructured":"Le W, Wang Y, Gao C et al (2023) Can app reviews help developers to improve mobile user interface design? J Internet Technol 24(4):955\u2013964. https:\/\/doi.org\/10.53106\/160792642023072404013","journal-title":"J Internet Technol"},{"key":"459_CR19","doi-asserted-by":"publisher","unstructured":"Li S, Guo J, Fan M, et\u00a0al (2020) Automated bug reproduction from user reviews for android applications. In: Rothermel G, Bae D (eds) ICSE-SEIP. ACM, pp 51\u20136https:\/\/doi.org\/10.1145\/3377813.3381355","DOI":"10.1145\/3377813.3381355"},{"key":"459_CR20","unstructured":"Liu B, Nath S, Govindan R, et\u00a0al (2014) DECAF: Detecting and characterizing ad fraud in mobile apps. In: Mahajan R, Stoica I (eds) NSDI. USENIX Association, pp 57\u201370"},{"key":"459_CR21","doi-asserted-by":"publisher","unstructured":"Liu T, Wang H, Li L, et\u00a0al (2019) DaPanda: Detecting aggressive push notifications in android apps. In: ASE. IEEE, pp 66\u201378,https:\/\/doi.org\/10.1109\/ASE.2019.00017","DOI":"10.1109\/ASE.2019.00017"},{"key":"459_CR22","doi-asserted-by":"publisher","unstructured":"Liu T, Wang H, Li L, et\u00a0al (2020) MadDroid: Characterizing and detecting devious ad contents for android apps. In: Huang Y, King I, Liu T, et\u00a0al (eds) WWW. ACM \/ IW3C2, pp 1715\u2013172https:\/\/doi.org\/10.1145\/3366423.3380242","DOI":"10.1145\/3366423.3380242"},{"key":"459_CR23","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2023.107261","volume":"161","author":"T Liu","year":"2023","unstructured":"Liu T, Wang C, Huang K et al (2023) Rosematcher: identifying the impact of user reviews on app updates. Inf Softw Technol 161:107261. https:\/\/doi.org\/10.1016\/j.infsof.2023.107261","journal-title":"Inf Softw Technol"},{"key":"459_CR24","doi-asserted-by":"crossref","unstructured":"Liu W, Zhang Y, Li Z, et\u00a0al (2016) What you see isn\u2019t always what you get: A measurement study of usage fraud on android apps. In: Lu L, Mannan M (eds) SPSM@CCS. ACM, pp 23\u201332","DOI":"10.1145\/2994459.2994472"},{"key":"459_CR25","doi-asserted-by":"publisher","unstructured":"Malisa L, Kostiainen K, Och M, et\u00a0al (2016) Mobile application impersonation detection using dynamic user interface extraction. In: Askoxylakis IG, Ioannidis S, Katsikas SK, et\u00a0al (eds) ESORICS, vol 9878. Springer, pp 217\u201323https:\/\/doi.org\/10.1007\/978-3-319-45744-4_11","DOI":"10.1007\/978-3-319-45744-4_11"},{"issue":"6","key":"459_CR26","doi-asserted-by":"publisher","first-page":"3316","DOI":"10.1007\/s10664-019-09706-9","volume":"24","author":"D Martens","year":"2019","unstructured":"Martens D, Maalej W (2019) Towards understanding and detecting fake reviews in app stores. Empir Softw Eng 24(6):3316\u20133355. https:\/\/doi.org\/10.1007\/s10664-019-09706-9","journal-title":"Empir Softw Eng"},{"key":"459_CR27","unstructured":"Olano F (2025) google-play-scraper. https:\/\/github.com\/facundoolano\/google-play-scraper"},{"key":"459_CR28","unstructured":"Paper T (2020) Turns out these links are fake red packets (in chinese). https:\/\/m.thepaper.cn\/newsDetail_forward_7382268"},{"key":"459_CR29","unstructured":"Paper T (2024) Beware of \u201cmoney-making\" app scams (in chinese)! https:\/\/www.thepaper.cn\/newsDetail_forward_28619001"},{"key":"459_CR30","unstructured":"Petruzzellis F, Testolin A, Sperduti A (2024) Benchmarking GPT-4 on algorithmic problems: A systematic evaluation of prompting strategies. In: Calzolari N, Kan M, Hoste V, et\u00a0al (eds) LREC\/COLING. ELRA and ICCL, pp 2161\u20132177"},{"key":"459_CR31","doi-asserted-by":"crossref","unstructured":"Rastogi V, Shao R, Chen Y, et\u00a0al (2016) Are these ads safe: Detecting hidden attacks through the mobile app-web interfaces. In: NDSS. The Internet Society, pp 1\u201315","DOI":"10.14722\/ndss.2016.23234"},{"key":"459_CR32","doi-asserted-by":"publisher","unstructured":"Reimers N, Gurevych I (2019) Sentence-bert: Sentence embeddings using siamese bert-networks. In: Inui K, Jiang J, Ng V, et\u00a0al (eds) EMNLP-IJCNLP. Association for Computational Linguistics, pp 3980\u20133990,https:\/\/doi.org\/10.18653\/V1\/D19-1410","DOI":"10.18653\/V1\/D19-1410"},{"key":"459_CR33","doi-asserted-by":"publisher","unstructured":"Satopaa V, Albrecht JR, Irwin DE, et\u00a0al (2011) Finding a \u201ckneedle\" in a haystack: Detecting knee points in system behavior. In: ICDCS 2011 Workshops. IEEE Computer Society, pp 166\u201317https:\/\/doi.org\/10.1109\/ICDCSW.2011.20","DOI":"10.1109\/ICDCSW.2011.20"},{"key":"459_CR34","doi-asserted-by":"publisher","unstructured":"Tang C, Chen S, Fan L, et\u00a0al (2019) A large-scale empirical study on industrial fake apps. In: Sharp H, Whalen M (eds) ICSE-SEIP. IEEE \/ ACM, pp 183\u201319https:\/\/doi.org\/10.1109\/ICSE-SEIP.2019.00028","DOI":"10.1109\/ICSE-SEIP.2019.00028"},{"key":"459_CR35","unstructured":"TechCrunch (2016) Traditional red envelopes are going digital thanks to china\u2019 s largest internet companies. https:\/\/techcrunch.com\/2016\/02\/08\/smartphone-hongbao\/"},{"key":"459_CR36","unstructured":"TechinAsia (2016) Look out for \u201clucky money\" scams on wechat during chinese new year. https:\/\/www.techinasia.com\/red-envelope-scams-on-wechat"},{"key":"459_CR37","unstructured":"Tencent (2025) Tencent Market. https:\/\/sj.qq.com"},{"key":"459_CR38","unstructured":"Virustotal (2025) Virustotal. https:\/\/www.virustotal.com"},{"issue":"12","key":"459_CR39","doi-asserted-by":"publisher","first-page":"2933","DOI":"10.1109\/TMC.2019.2934441","volume":"19","author":"R Wang","year":"2020","unstructured":"Wang R, Wang Z, Tang B et al (2020) Smartpi: understanding permission implications of android apps from user reviews. IEEE Trans Mob Comput 19(12):2933\u20132945. https:\/\/doi.org\/10.1109\/TMC.2019.2934441","journal-title":"IEEE Trans Mob Comput"},{"key":"459_CR40","unstructured":"Wikipedia (2025a) Alipay. https:\/\/en.wikipedia.org\/wiki\/Alipay"},{"key":"459_CR41","unstructured":"Wikipedia (2025b) Tf-idf. https:\/\/en.wikipedia.org\/wiki\/Tf-idf"},{"key":"459_CR42","unstructured":"Wikipedia (2025c) Wechat red envelope. https:\/\/en.wikipedia.org\/wiki\/WeChat_red_envelope"},{"key":"459_CR43","unstructured":"Xiaomi (2025) Xiaomi Market. https:\/\/app.mi.com"},{"key":"459_CR44","doi-asserted-by":"publisher","unstructured":"Zhang J, Zhou J, Hua J et al (2025) Mining user privacy concern topics from app reviews. J Syst Softw 22. https:\/\/doi.org\/10.1016\/j.jss.2025.112355","DOI":"10.1016\/j.jss.2025.112355"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00459-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00459-1","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00459-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T06:53:10Z","timestamp":1768373590000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-025-00459-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,14]]},"references-count":44,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["459"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00459-1","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,14]]},"assertion":[{"value":"5 May 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 July 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 January 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"We declare that we have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"104"}}