Leveraging Information Asymmetry to Transform Android Apps into Self-Defending Code Against Repackaging Attacks


Abstract:

By simply adding malicious code or advertisements to legitimate smartphone apps, attackers could benefit a lot from repackaging. The existing license protection mechanisms can be easily subverted by repackaged apps. A major defense is detection. However, detection requires finding at least two “similar” apps simultaneously. We propose a self-defending approach: let a repackaged app automatically expose itself. However, it is very challenging to achieve this goal. If developers and smartphones/users do not share any secret, attackers' app repackaging studio would be able to do whatever legitimate smartphones/users are able to do. We find that there exists a unique information asymmetry between developers and attackers. Leveraging this asymmetry, our new self-defending code (SDC) approach encrypts parts of the app code at compile time and dynamically decrypts the ciphertext code at run-time. Different from previous work, the key is derived from both the information asymmetry and the app's checksum. Once the app is repackaged, the changed checksum will let the app run abnormally, further exposing the repackaging. The information asymmetry protects the key from being attacked. We build a smartphone anti-repackaging system prototype. To the best of our knowledge, this is the first work that lets repackaged apps automatically malfunction while having no effect on a benign app's function.
Published in: IEEE Transactions on Mobile Computing (Volume: 17, Issue: 8, 01 August 2018)
Page(s): 1879 - 1893
Date of Publication: 11 December 2017
