Droidmarking: resilient software watermarking for impeding android application repackaging

Software plagiarism in Android markets (app repackaging) is raising serious concerns about the health of the Android ecosystem. Existing app repackaging detection techniques fall short in detection efficiency and in resilience to circumventing attacks; this allows repackaged apps to be widely propagated and causes extensive damages before being detected. To overcome these difficulties and instantly thwart app repackaging threats, we devise a new dynamic software watermarking technique - Droidmarking - for Android apps that combines the efforts of all stakeholders and achieves the following three goals: (1) copyright ownership assertion for developers, (2) real-time app repackaging detection on user devices, and (3) resilience to evading attacks. Distinct from existing watermarking techniques, the watermarks in Droidmarking are non-stealthy, which means that watermark locations are not intentionally concealed, yet still are impervious to evading attacks. This property effectively enables normal users to recover and verify watermark copyright information without requiring a confidential watermark recognizer. Droidmarking is based on a primitive called self-decrypting code (SDC). Our evaluations show that Droidmarking is a feasible and robust technique to effectively impede app repackaging with relatively small performance overhead.

[1]  Sencun Zhu,et al.  A Framework for Evaluating Mobile App Repackaging Detection Algorithms , 2013, TRUST.

[2]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[3]  Xiangyu Zhang,et al.  Plagiarizing Smartphone Applications: Attack Strategies and Defense Techniques , 2012, ESSoS.

[4]  Jasvir Nagra,et al.  Threading Software Watermarks , 2004, Information Hiding.

[5]  Hao Chen,et al.  Attack of the Clones: Detecting Cloned Applications on Android Markets , 2012, ESORICS.

[6]  Ramarathnam Venkatesan,et al.  A Graph Theoretic Approach to Software Watermarking , 2001, Information Hiding.

[7]  Xuxian Jiang,et al.  AppInk: watermarking android apps for repackaging deterrence , 2013, ASIA CCS '13.

[8]  Yajin Zhou,et al.  Fast, scalable detection of "Piggybacked" mobile applications , 2013, CODASPY.

[9]  Yajin Zhou,et al.  Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets , 2012, NDSS.

[10]  Christian S. Collberg,et al.  Sandmark--A Tool for Software Protection Research , 2003, IEEE Secur. Priv..

[11]  Christian S. Collberg,et al.  Software watermarking: models and dynamic embeddings , 1999, POPL '99.

[12]  Sencun Zhu,et al.  Behavior based software theft detection , 2009, CCS.

[13]  Jonathon T. Giffin,et al.  Impeding Malware Analysis Using Conditional Code Obfuscation , 2008, NDSS.

[14]  Peng Liu,et al.  Achieving accuracy and scalability simultaneously in detecting application clones on Android markets , 2014, ICSE.

[15]  Michael Stepp,et al.  Dynamic path-based software watermarking , 2004, PLDI '04.

[16]  Christian S. Collberg,et al.  Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection , 2002, IEEE Trans. Software Eng..

[17]  Hao Chen,et al.  AnDarwin: Scalable Detection of Semantically Similar Android Applications , 2013, ESORICS.

[18]  Christian S. Collberg,et al.  Detecting Software Theft via Whole Program Path Birthmarks , 2004, ISC.

[19]  Hui Zang,et al.  AdRob: examining the landscape and impact of android application plagiarism , 2013, MobiSys.

[20]  Christian S. Collberg,et al.  Software Watermarking Through Register Allocation: Implementation, Analysis, and Attacks , 2003, ICISC.

[21]  Jens Palsberg,et al.  Experience with software watermarking , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[22]  Steve Hanna,et al.  Juxtapp: A Scalable System for Detecting Code Reuse among Android Applications , 2012, DIMVA.

[23]  Yajin Zhou,et al.  Detecting repackaged smartphone applications in third-party android marketplaces , 2012, CODASPY '12.

[24]  William Zhu,et al.  Concepts and techniques in software watermarking and obfuscation , 2007 .