CHAMELEOSCAN: Demystifying and Detecting iOS Chameleon Apps via LLM-Powered UI Exploration
Hongyu Lin
Network and Distributed System Security (NDSS) Symposium 2026 · Day 2 · Usable Security
Hongyu Lin (presenting as co-first author) from Zhejiang University introduces ChameleoScan, the first **LLM-powered automated detection system** for iOS chameleon apps -- applications that appear legitimate during app store review but reveal hidden illicit functionality after installation. Through a systematic study of **500 manually collected chameleon samples**, the researchers built the first taxonomy of **10 transformation methods** across 4 categories. ChameleoScan uses LLM-driven UI exploration to dynamically trigger and detect transformations, achieving **100% precision** (zero false positives) with approximately **96% recall** on known samples, and discovering **150 new chameleon apps** plus **128 additional suspicious apps** on live app stores. Each app analysis costs approximately **$0.10** and takes about **2 minutes**, making the system practical for large-scale deployment.
AI review
A well-engineered LLM-powered system that detects iOS apps hiding illicit functionality behind benign facades. The 100% precision on a 467-app benchmark and discovery of 150 new chameleon apps on live stores demonstrate practical value. The taxonomy of 10 transformation methods is a useful contribution. Not offensive research, but solid applied security engineering with real-world impact.