论文信息 - APPraiser: A Large Scale Analysis of Android Clone Apps

APPraiser: A Large Scale Analysis of Android Clone Apps

Android is one of the most popular mobile device platforms. However, since Android apps can be disassembled easily, attackers inject additional advertisements or malicious codes to the original apps and redistribute them. There are a non-negligible number of such repackaged apps. We generally call those malicious repackaged apps “clones.” However, there are apps that are not clones but are similar to each other. We call such apps “relatives.” In this work, we developed a framework called APPraiser that extracts similar apps and classifies them into clones and relatives from the large dataset. We used the APPraiser framework to study over 1.3 million apps collected from both official and third-party marketplaces. Our extensive analysis revealed the following findings: In the official marketplace, 79% of similar apps were attributed to relatives, while in the third-party marketplace, 50% of similar apps were attributed to clones. The majority of relatives are apps developed by prolific developers in both marketplaces. We also found that in the third-party market, of the clones that were originally published in the official market, 76% of them are malware. key words: mobile security, Android, repackaging, large-scale data

Mitsuaki Akiyama | Takuya Watanabe | Tatsuya Mori | Yuta Ishii

[1] Jason Nieh,et al. A measurement study of google play , 2014, SIGMETRICS '14.

[2] Yiming Yang,et al. A Comparative Study on Feature Selection in Text Categorization , 1997, ICML.

[3] Mitsuaki Akiyama,et al. Understanding the Inconsistencies between Text Descriptions and the Use of Privacy-sensitive Resources of Mobile Apps , 2015, SOUPS.

[4] Yajin Zhou,et al. Fast, scalable detection of "Piggybacked" mobile applications , 2013, CODASPY.

[5] Yajin Zhou,et al. Detecting repackaged smartphone applications in third-party android marketplaces , 2012, CODASPY '12.

[6] Mitsuaki Akiyama,et al. Clone or Relative?: Understanding the Origins of Similar Android Apps , 2016, IWSPA@CODASPY.

[7] Hao Chen,et al. Attack of the Clones: Detecting Cloned Applications on Android Markets , 2012, ESORICS.

[8] Hans-Peter Kriegel,et al. A Density-Based Algorithm for Discovering Clusters in Large Spatial Databases with Noise , 1996, KDD.

[9] Olga Gadyatskaya,et al. FSquaDRA: Fast Detection of Repackaged Applications , 2014, DBSec.

[10] Zhen Huang,et al. PScout: analyzing the Android permission specification , 2012, CCS.