AppIS: Protect Android Apps Against Runtime Repackaging Attacks

Apps repackaged through reverse engineering pose a significant security threat to the Android smartphone ecosystem. Previous solutions have mostly focused on the detection and identification of repackaged apps. Current app anti-repackaging services, however, can only protect applications at a coarse level and incur a significant performance overhead. These approaches can neither meet the performance requirements of Android nor achieve fine-grained protection against cumulative attacks at the same time. Specifically, these solutions rely on a fixed-structure detection engine that executes the same path on every run, so the protection as a whole performs poorly when faced with dynamic cumulative attacks, which are typical of real-world attacks. This paper introduces AppIS, a reinforced anti-repackaging immune system that is robust to app-repackaging attack scenarios. Unlike prior work, which mostly focuses on simple protection from a single aspect, our design exploits an interlocking guarding net with time diversity for the tamper-proofing of Android applications. The intuition underlying our design is that a method combining dynamic and static techniques can provide multi-level protection for the code, core algorithms and sensitive data. We analyze and classify the existing threats on the Android platform, and then abstract and model the repackaging attack scenarios. We then adopt a random controller, used by the dispatcher, to randomly construct a guarding net with a different structure every time. We have built a prototype of our design using the Java Native Interface cross-layer calling mechanism to meet the performance requirement. Results from a deployment of AppIS on several kinds of popular apps demonstrate that the new design can protect our apps from cumulative attacks without extra performance cost.
