Social Media Users Send Promotional Links to Strangers: Legitimate Promotion or Security Vulnerability?

Nowadays, many users make money by publishing content on social media platforms. In order to attract users' attention, they often take measures to promote themselves. The security vulnerabilities in social media platforms may provide convenience for their user promotion work. We call this type of vulnerability the user promotion security vulnerability (UPSV). UPSV may cause unfair competition and endanger the interests of legitimate users and the social media platforms. Therefore it has great research significance to find and fix this vulnerability. In this paper, we propose a UPSV which widely exists in the function of sending messages to strangers of in-app chatting of many social media platforms. We first analyzed this vulnerability in some apps, and then YY app (China's largest live streaming platform) was chosen as the research object to verify the actual effect of the vulnerability on illegitimate user promotion. We took the method of promoting a target YY streamer through sending promotional links to viewers, and to improve promotion effect, we used the method of user preference learning to select viewers for promotion. The experimental results show that among the promoted viewers, more than 44% entered the target streamers' channels to watch live streaming, more than 21% followed the target steamers, and more than 13% gave gifts to the target steamers. It fully proves that this UPSV is real, exploitable and harmful, and we also proposed some fix suggestions to help the platforms to fix it.