WiFi networks are vulnerable to rogue AP attacks in which an attacker sets up an imposter AP to lure mobile users to connect. The attacker can eavesdrop on the communication, severely threatening users’ privacy. Existing rogue AP detection solutions are confined to some specific attack scenarios (e.g., by relaying the traffic to a target AP) or require additional hardware. In this paper, we propose a crowdsensing based approach, named CRAD, to detect rogue APs in camouflage without specialized hardware requirement. CRAD exploits the spatial correlation of RSS to identify a potential imposter, which should be at a different location from the legitimate one. The RSS measurements collected from the crowd facilitate a robust profile and minimize the inaccuracy effect of a single RSS value. As a result, CRAD can filter out abnormal samples sensed in the realtime by dynamically matching the profile. We evaluate our approach with both a public dataset and a real prototype. The results show that CRAD can yield 90% detection accuracy and precision with proper crowd presence, even when the rogue AP is launched close to the legitimate one (e.g., within 1m).