Abstract
While Android app stores keep growing in size and in number, app repackaging has become a major threat to the health of the mobile ecosystem. Different from many syntax-based repackaging detection techniques, in this work we propose a semantic-based approach, RepDetector, which is more robust against code obfuscation attacks. To capture an app’s semantics, our approach extracts input-output states of core functions in the app and then compare function and app similarity. We implement a prototype of RepDetector, and evaluate it against various obfuscation technologies. The results show that our approach can detect repackaged apps effectively. It is also at least a hundred times faster than Androguard.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Dedexer. http://dedexer.sourceforge.net/
Dex2jar. https://code.google.com/p/dex2jar/
Dexguard. http://www.saikoa.com/dexguard
Desnos, A.Z.: Androidguard. https://code.google.com/p/androguard/
Chen, K., Liu, P., Zhang, Y.: Achieving accuracy and scalability simultaneously in detecting application clones on android markets. In: Proc. of ICSE (2014)
Chen, K., Wang, P., Lee, Y., Wang, X., Zhang, N., Huang, H., Zou, W., Liu, P.: Finding unknown malice in 10 seconds: mass vetting for new threats at the google-play scale. In: Proceedings of the 24th USENIX Conference on Security Symposium, pp. 659–674. USENIX Association (2015)
Collberg, C.S., Myles, G., Huntwork, A.: Sandmark-a tool for software protection research. IEEE Secur. Priv. 1(4), 40–49 (2003)
Crussell, J., Gibler, C., Chen, H.: Attack of the clones: detecting cloned applications on android markets. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 37–54. Springer, Heidelberg (2012)
Crussell, J., Gibler, C., Chen, H.: Scalable semantics-based detection of similar android applications. Technical report (2012). ucdavis.edu
De Maesschalck, R., Jouan-Rimbaud, D., Massart, D.L.: The mahalanobis distance. Chemom. Intell. Lab. Syst. 50(1), 1–18 (2000)
Fawcett, T.: An introduction to ROC analysis. Pattern Recogn. Lett. 27(8), 861–874 (2006)
Gibler, C., Stevens, R., Crussell, J., Chen, H., Zang, H., Choi, H.: Characterizing android application plagiarism and its impact on developers. In: Proceedings of MobiSys (2013)
Hanna, S., Huang, L., Wu, E., Li, S., Chen, C., Song, D.: Juxtapp: A scalable system for detecting code reuse among android applications. In: Proceedings of DIMVA (2013)
Hemel, A., Kalleberg, K.T., Vermaas, R., Dolstra, E.: Finding software license violations through binary code clone detection. In: Proceedings of MSR. ACM (2011)
Huang, H., Zhu, S., Liu, P., Wu, D.: A framework for evaluating mobile app repackaging detection algorithms. In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds.) TRUST 2013. LNCS, vol. 7904, pp. 169–186. Springer, Heidelberg (2013)
Jhi, Y.C., Wang, X., Jia, X., Zhu, S., Liu, P., Wu, D.: Value-based program characterization and its application to software plagiarism detection. In: Proceedings of the 33rd International Conference on Software Engineering, pp. 756–765. ACM (2011)
King, T., Barrett, C., Tinelli, C.: Leveraging linear and mixed integer programming for SMT. In: Formal Methods in Computer-Aided Design, FMCAD 2014, pp. 139–146. IEEE (2014)
Lafortune, E.: Proguard. http://proguard.sourceforge.net/
Lim, H., Park, H., Choi, S., Han, T.: Detecting theft of Java applications via a static birthmark based on weighted stack patterns. IEICE - Trans. Inf. Syst. E91–D(9), 2323–2332 (2008)
Myles, G., Collberg, C.S.: K-gram based software birthmarks. In: SAC (2005)
Potharaju, R., Newell, A., Nita-Rotaru, C., Zhang, X.: Plagiarizing smartphone applications: attack strategies and defense techniques. In: Proceedings of ESoSS (2012)
Schleimer, S., Wilkerson, D.S., Aiken, A.: Winnowing: local algorithms for document fingerprinting. In: Proceedings of ACM SIGMOD International Conference on Management of Data (2003)
Shao, Y., Luo, X., Qian, C., Zhu, P., Zhang, L.: Towards a scalable resource-driven approach for detecting repackaged android applications. In: Proceedings of ACSAC. ACM (2014)
Wang, X., Jhi, Y., Zhu, S., Liu, P.: Behavior based software theft detection. In: Proceedings of 16th ACM Conference on Computer and Communications Security (CCS) (2009)
Wang, X., Jhi, Y.C., Zhu, S., Liu, P.: Detecting software theft via system call based birthmarks. In: Computer Security Applications Conference, ACSAC 2009. Annual, pp. 149–158. IEEE (2009)
Zhang, F., Jhi, Y., Wu, D., Liu, P., Zhu, S.: A first step towards algorithm plagiarism detection. In: Proceedings of the 2012 International Symposium on Software Testing and Analysis. ACM (2012)
Zhang, F., Huang, H., Zhu, S., Wu, D., Liu, P.: Viewdroid: Towards obfuscation-resilient mobile application repackaging detection. In: Proceedings of ACM WiSec, pp. 25–36. ACM, New York, NY, USA (2014)
Zheng, C., Zhu, S., Dai, S., Gu, G., Gong, X., Han, X., Zou, W.: SmartDroid: an automatic system for revealing UI-based trigger conditions in Android applications. In: Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, pp. 93–104. ACM (2012)
Zhou, W., Zhou, Y., Grace, M., Jiang, X., Zou, S.: Fast, scalable detection of piggybacked mobile applications. In: Proceedings of ACM CODASpPY (2013)
Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party android marketplaces. In: Proceedings of ACM CODASpPY (2012)
Acknowledgments
We thank the anonymous reviewers for their valuable comments and Dr. Nick Nikiforakis for shepherding our paper. The work of Guan and Luo was supported by the Science and Technology Planning Project of Guangdong Province, China ( 2014A040401027, 2012A080102007, 2015A030401043). The work of Huang and Zhu was partially supported by NSF CCF-1320605.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Guan, Q., Huang, H., Luo, W., Zhu, S. (2016). Semantics-Based Repackaging Detection for Mobile Apps. In: Caballero, J., Bodden, E., Athanasopoulos, E. (eds) Engineering Secure Software and Systems. ESSoS 2016. Lecture Notes in Computer Science(), vol 9639. Springer, Cham. https://doi.org/10.1007/978-3-319-30806-7_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-30806-7_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-30805-0
Online ISBN: 978-3-319-30806-7
eBook Packages: Computer ScienceComputer Science (R0)