Android Applications Repackaging Detection Techniques for Smartphone Devices

The problem of malware affecting smartphones has been widely recognized by researchers across the world. The majority of this malware targets the Android OS. Studies have found that most Android malware hides inside repackaged apps to get onto user devices. Repackaged apps are usually infected versions of popular apps: adversaries download a popular Android app, obtain its code through reverse engineering, add their own code (often malicious), and then repackage and release the app. A number of techniques proposed in research, and a number of commercial anti-virus products, focus on detecting malware. This is the traditional approach and requires a signature database, so zero-day threats cannot be caught with such methods. There are also many techniques that focus entirely on detecting repackaged apps. Since repackaged apps are in the majority among infected Android apps, these techniques can save the user from a large percentage of Android malware. Detection and prevention of repackaging also benefits the original developer or publisher, who is spared harm to revenue and reputation. In this paper we study some of the repackaging detection techniques in detail. There are two main kinds of techniques, offline and online, and they serve different purposes: an offline technique cannot be replaced by an online technique, and vice versa. Offline techniques are for direct use by app market owners, whereas online techniques are for direct use by Android users. We study different offline and online techniques. These techniques use different features and metrics to detect similarity between apps, and each is representative of its category.
