Abstract
Because it is not hard to reverse engineer the Dalvik bytecode used in the Dalvik virtual machine, Android application repackaging has become a serious problem. With repackaging, a plagiarist can simply steal others’ code violating the intellectual property of the developers. More seriously, after repackaging, popular apps can become the carriers of malware, adware or spy-ware for wide spreading. To maintain a healthy app market, several detection algorithms have been proposed recently, which can catch some types of repackaged apps in various markets efficiently. However, they are generally lack of valid analysis on their effectiveness. After analyzing these approaches, we find simple obfuscation techniques can potentially cause false negatives, because they change the main characteristics or features of the apps that are used for similarity detections. In practice, more sophisticated obfuscation techniques can be adopted (or have already been performed) in the context of mobile apps. We envision this obfuscation based repackaging will become a phenomenon due to the arms race between repackaging and its detection. To this end, we propose a framework to evaluate the obfuscation resilience of repackaging detection algorithms comprehensively. Our evaluation framework is able to perform a set of obfuscation algorithms in various forms on the Dalvik bytecode. Our results provide insights to help gauge both broadness and depth of algorithms’ obfuscation resilience. We applied our framework to conduct a comprehensive case study on AndroGuard, an Android repackaging detector proposed in Black-hat 2011. Our experimental results have demonstrated the effectiveness and stability of our framework.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Android Apktool: A tool for reengineering android apk files, http://code.google.com/p/android-apktool/
Dalvik virtual machine: code and documentation, http://code.google.com/p/dalvik/
Dasho, preemptive solutions, http://www.preemptive.com/products/dasho
Dex2jar, http://code.google.com/p/dex2jar/
Dexguard, http://www.saikoa.com/dexguard
Dx tool source code, http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/4.1.2_r1/com/android/dx/ssa/
Gartner says android to command nearly half of worldwide smartphone operating system market by year-end 2012, http://www.gartner.com/it/page.jsp?id=1622614
Klassmaster, http://www.zelix.com/klassmaster/docs/index.html
Oracle Virtual Machine, https://wikis.oracle.com/display/MaxineVM/Home/
ProGuard, http://proguard.sourceforge.net/
Smali/Baksmali, http://code.google.com/p/smali/
Soot: a Java optimization framework, http://www.sable.mcgill.ca/soot/
Byte code engineering library (bcel), http://sourceforge.net/projects/javaclass/
Ceccato, M., Di Penta, M., Nagra, J., Falcarin, P., Ricca, F., Torchiano, M., Tonella, P.: Towards experimental evaluation of code obfuscation techniques. In: Proceedings of the 4th ACM Workshop on Quality of Protection, QoP 2008, pp. 39–46. ACM, New York (2008), http://doi.acm.org/10.1145/1456362.1456371
Collberg, C., Myles, G., Huntwork, A.: Sandmarks a tool for software protection research. IEEE Security and Privacy 1(4), 40–49 (2003)
Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical report (1997)
Crussell, J., Gibler, C., Chen, H.: Attack of the clones: Detecting cloned applications on android markets. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 37–54. Springer, Heidelberg (2012)
Desnos, A., Gueguen, G.: Android: From reversing to decompilation. In: Black Hat 2011, Abu Dhabi (2011)
Jhi, Y.-C., Wang, X., Jia, X., Zhu, S., Liu, P., Wu, D.: Value-based program characterization and its application to software plagiarism detection. In: Proceedings of the 33rd International Conference on Software Engineering, pp. 756–765. ACM (2011)
Karnick, M., Macbride, J., Mcginnis, S., Tang, Y., Ramach, R.: A qualitative analysis of Java obfuscation
Li, S.: Juxtapp: A scalable system for detecting code reuse among android applications. Master’s thesis, EECS Department, University of California, Berkeley (May 2012), http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-111.html
Octeau, D., Enck, W., McDaniel, P.: The ded Decompiler. Technical Report NAS-TR-0140-2010, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA (September 2010), http://siis.cse.psu.edu/ded/papers/NAS-TR-0140-2010.pdf
Octeau, D., Jha, S., McDaniel, P.: Retargeting Android Applications to Java Bytecode. In: Proceedings of the 20th International Symposium on the Foundations of Software Engineering (November 2012), http://siis.cse.psu.edu/dare/papers/octeau-fse12.pdf
Wang, X., Jhi, Y.-C., Zhu, S., Liu, P.: Detecting software theft via system call based birthmarks. In: Annual Computer Security Applications Conference, ACSAC 2009, pp. 149–158. IEEE (2009)
Xu, R., Saıdi, H., Anderson, R.: Aurasium: Practical policy enforcement for android applications. In: Proceedings of the 21st USENIX Conference on Security (2012)
You, I., Yim, K.: Malware obfuscation techniques: A brief survey. In: Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (2010)
Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party android marketplaces. In: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, CODASPY 2012, pp. 317–326. ACM, New York (2012)
Zhou, Y., Jiang, X.: Dissecting android malware: Characterization and evolution. In: 2012 IEEE Symposium on Security and Privacy, SP, pp. 95–109. IEEE (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Huang, H., Zhu, S., Liu, P., Wu, D. (2013). A Framework for Evaluating Mobile App Repackaging Detection Algorithms. In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds) Trust and Trustworthy Computing. Trust 2013. Lecture Notes in Computer Science, vol 7904. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38908-5_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-38908-5_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38907-8
Online ISBN: 978-3-642-38908-5
eBook Packages: Computer ScienceComputer Science (R0)