This study systematically identifies five categories of stealthy, misleading pop-up windows (Sneaky PoWs) in mobile applications—such as textual obfuscation, UI spoofing, and forced interaction—defining and empirically validating their existence for the first time in real-world app ecosystems. Method: We propose Poker, an end-to-end automated analysis framework integrating dynamic instrumentation, UI traversal, OCR-based text recognition, and rule-driven decision logic to enable precise detection, context-aware automatic dismissal, and large-scale collection of Sneaky PoWs. Contribution/Results: Evaluated on the top 100 apps in both China and the U.S., Poker detects Sneaky PoWs in over 65% of shopping and video apps. It achieves 92% precision, 89% recall, and successfully dismisses 88% of identified pop-ups, demonstrating strong robustness. This work establishes the first scalable, reproducible analytical paradigm and practical toolset for detecting UI-level deception in mobile applications.

In mobile applications, Pop-up window (PoW) plays a crucial role in improving user experience, guiding user actions, and delivering key information. Unfortunately, the excessive use of PoWs severely degrades the user experience. These PoWs often sneakily mislead users in their choices, employing tactics that subtly manipulate decision-making processes. In this paper, we provide the first in-depth study on the Sneaky patterns in the mobile ecosystem. Our research first highlights five distinct Sneaky patterns that compromise user experience, including text mislead, UI mislead, forced action, out of context and privacy-intrusive by default. To further evaluate the impact of such Sneaky patterns at large, we developed an automated analysis pipeline called Poker, to tackle the challenges of identifying, dismissing, and collecting diverse PoWs in real-world apps. Evaluation results showed that Poker achieves high precision and recall in detecting PoWs, efficiently dismissed over 88% of PoWs with minimal user interaction, with good robustness and reliability in comprehensive app exploration. Further, our systematic analysis over the top 100 popular apps in China and U.S. revealing that both regions displayed significant ratios of Sneaky patterns, particularly in promotional contexts, with high occurrences in categories such as shopping and video apps. The findings highlight the strategic deployment of Sneaky tactics that compromise user trust and ethical app design.