research-article

AppInk: watermarking android apps for repackaging deterrence

Authors:

Xuxian JiangAuthors Info & Claims

ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

Pages 1 - 12

https://doi.org/10.1145/2484313.2484315

Published: 08 May 2013 Publication History

Abstract

With increased popularity and wide adoption of smartphones and mobile devices, recent years have seen a new burgeoning economy model centered around mobile apps. However, app repackaging, among many other threats, brings tremendous risk to the ecosystem, including app developers, app market operators, and end users. To mitigate such threat, we propose and develop a watermarking mechanism for Android apps. First, towards automatic watermark embedding and extraction, we introduce the novel concept of manifest app, which is a companion of a target Android app under protection. We then design and develop a tool named AppInk, which takes the source code of an app as input to automatically generate a new app with a transparently-embedded watermark and the associated manifest app. The manifest app can be later used to reliably recognize embedded watermark with zero user intervention. To demonstrate the effectiveness of AppInk in preventing app repackaging, we analyze its robustness in defending against distortive, subtractive, and additive attacks, and then evaluate its resistance against two open source repackaging tools. Our results show that AppInk is easy to use, effective in defending against current known repackaging threats on Android platform, and introduces small performance overhead.

References

[1]

Domenico Amalfitano, Anna Rita Fasolino, Porfirio Tramontana, Salvatore De Carmine, and Atif M. Memon. Using GUI Ripping for Automated Testing of Android Applications. In Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering, ASE 2012, pages 258--261, New York, NY, USA, 2012. ACM.

Digital Library

[2]

Saswat Anand, Mayur Naik, Hongseok Yang, and Mary Jean Harrold. Automated Concolic Testing of Smartphone Apps. In ACM International Symposium on Foundations of Software Engineering, FSE, 2012.

Digital Library

[3]

Jien-Tsai Chan and Wuu Yang. Advanced Obfuscation Techniques for Java Bytecode. J. Syst. Softw., 71(1-2):1--10, April 2004.

Digital Library

[4]

Christian Collberg, Edward Carter, Saumya Debray, Andrew Huntwork, John Kececioglu, Cullen Linn, and Michael Stepp. Dynamic Path-based Software Watermarking. In Proceedings of the ACM SIGPLAN 2004 Conference on Programming Language Design and Implementation, PLDI '04, pages 107--118, New York, NY, USA, 2004. ACM.

Digital Library

[5]

Christian Collberg, Ginger Myles, and Andrew Huntwork. SandMark - A Tool for Software Protection Research. IEEE Security and Privacy, Vol. 1, Num. 4, July/Auguest 2003.

Digital Library

[6]

Christian Collberg and Clark Thomborson. Software Watermarking: Models and Dynamic Embeddings. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '99, pages 311--324, New York, NY, USA, 1999. ACM.

Digital Library

[7]

Christian Collberg, Clark Thomborson, and Douglas Low. Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs. In Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '98, pages 184--196, New York, NY, USA, 1998. ACM.

Digital Library

[8]

Jonathan Crussell, Clint Gibler, and Hao Chen. Attack of the Clones: Detecting Cloned Applications on Android Markets. In 17th European Symposium on Research in Computer Security, ESORICS 2012, September 2012.

[9]

Mila Dalla Preda and Roberto Giacobazzi. Control Code Obfuscation by Abstract Interpretation. In Proceedings of the Third IEEE International Conference on Software Engineering and Formal Methods, SEFM '05, pages 301--310, Washington, DC, USA, 2005. IEEE Computer Society.

Digital Library

[10]

DalvikVM.com. Dalvik Virtual Machine - Brief Overview of the Dalvik Virtual Machine and Its Insights. http://www.dalvikvm.com/. Online; accessed at Nov 30, 2012.

[11]

FITTEST. M{agi}C Tool: M*C Test Generation Tool. http://selab.fbk.eu/magic/. Online; accessed at Dec 1, 2012.

[12]

Kazuhide Fukushima and Kouichi Sakurai. A Software Fingerprinting Scheme for Java Using Classfiles Obfuscation. In Ki-Joon Chae and Moti Yung, editors, Information Security Applications, volume 2908 of Lecture Notes in Computer Science, pages 303--316. Springer Berlin Heidelberg, 2004.

[13]

Dan Galpin and Trevor Johns. Evading Pirates and Stopping Vampires Using License Verification Library, In-App Billing, and App Engine. http://www.google.com/events/io/2011/sessions/evading-pirates-and-stopp%ing-vampires-using-license-verification-library-in-app-billing-and-app-engine.%html. Online; accessed at Nov 30, 2012.

[14]

Rakesh Ghiya and Laurie J. Hendren. Is It a Tree, a DAG, or a Cyclic Graph? A Shape Analysis for Heap-directed Pointers in C. In Proceedings of the 23rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '96, pages 1--15, New York, NY, USA, 1996. ACM.

Digital Library

[15]

Dieter Habelitz. Java 1.5 Grammar for ANTLR v3 That Builds Trees. http://www.antlr.org/grammar/1207932239307/Java1_5Grammars. Online; accessed at Nov 30, 2012.

[16]

Steve Hanna, Ling Huang, Saung Li, Charles Chen, and Dawn Song. Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications. In 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, DIMVA 2012, July 2012.

Digital Library

[17]

Google Inc. Android Application Licensing. http://developer.android.com/guide/google/play/licensing/index.html. Online; accessed at Nov 30, 2012.

[18]

Google Inc. Android Debug Bridge. http://developer.android.com/tools/help/adb.html. Online; accessed at Nov 30, 2012.

[19]

Google Inc. Android Emulator. http://developer.android.com/tools/help/emulator.html. Online; accessed at Nov 30, 2012.

[20]

Google Inc. Building and Running Android App from Command Line. http://developer.android.com/tools/building/building-cmdline.html. Online; accessed at Nov 30, 2012.

[21]

Google Inc. Testing Fundamental | Android Developers. http://developer.android.com/tools/testing/testing_android.html. Online; accessed at Nov 30, 2012.

[22]

Google Inc. UI/Application Exerciser Monkey. http://developer.android.com/tools/help/monkey.html. Online; accessed at Nov 30, 2012.

[23]

Lookout Inc. App Genome Report: February 2011. https://www.mylookout.com/appgenome/. Online; accessed at Nov 30, 2012.

[24]

Oracle Inc. Java Debug Interface. http://docs.oracle.com/javase/1.5.0/docs/guide/jpda/jdi/. Online; accessed at Nov 30, 2012.

[25]

Saikoa Inc. A Specialized Optimizer and Obfuscator for Android. http://www.saikoa.com/dexguard. Online; accessed at Nov 30, 2012.

[26]

Yiming Jing, Gail-Joon Ahn, and Hongxin Hu. Model-Based Conformance Testing for Android. In Goichiro Hanaoka and Toshihiro Yamauchi, editors, Advances in Information and Computer Security, volume 7631 of Lecture Notes in Computer Science, pages 1--18. Springer Berlin Heidelberg, 2012.

[27]

Seolwoo Joo and Changyeon Hwang. Mobile Banking Vulnerability: Android Repackaging Threat. Virus Bulletin, May 2012.

[28]

Donald Knuth. Fundamental Algorithms, Volume 1 of The Art of Computer Programming, Third Edition. Addison-Wesley, 1997.

[29]

Eric Lafortune. ProGuard. http://proguard.sourceforge.net/. Online; accessed at Nov 30, 2012.

[30]

Lohan+. AntiLVL - Android License Verification Library Subversion. http://androidcracking.blogspot.com/p/antilvl_01.html. Online; accessed at Nov 30, 2012.

[31]

Lohan+. Cracking Amazon DRM. http://androidcracking.blogspot.com/2011/04/cracking-amazon-drm.html. Online; accessed at Nov 30, 2012.

[32]

Lohan+. Cracking Verizon's V Cast Apps DRM. http://androidcracking.blogspot.com/2011/06/cracking-verizons-v-cast-apps-drm.html. Online; accessed at Nov 1, 2012.

[33]

Riyadh Mahmood, Naeem Esfahani, Thabet Kacem, Nariman Mirzaei, Sam Malek, and Angelos Stavrou. A Whitebox Approach for Automated Security Testing of Android Applications on the Cloud. In Proceedings of the 7th International Workshop on Automation of Software Test, AST 2012, 2012.

[34]

Atif M. Memon. An event-flow model of GUI-based applications for testing: Research Articles. Softw. Test. Verif. Reliab., 17(3):137--157, September 2007.

Digital Library

[35]

Akito Monden, Hajimu Iida, Ken-ichi Matsumoto, Koji Torii, and Katsuro Inoue. A Practical Method for Watermarking Java Programs. In 24th International Computer Software and Applications Conference, COMPSAC '00, pages 191--197, Washington, DC, USA, 2000. IEEE Computer Society.

Digital Library

[36]

Jasvir Nagra and Clark Thomborson. Threading Software Watermarks. In Proceedings of the 6th International Conference on Information Hiding, IH'04, pages 208--223, Berlin, Heidelberg, 2004. Springer-Verlag.

Digital Library

[37]

Jasvir Nagra, Clark Thomborson, and Christian Collberg. A Functional Taxonomy for Software Watermarking. In Proceedings of the Twenty-fifth Australasian Conference on Computer Science - Volume 4, ACSC '02, pages 177--186, Darlinghurst, Australia, Australia, 2002. Australian Computer Society, Inc.

Digital Library

[38]

Cu D. Nguyen, Alessandro Marchetto, and Paolo Tonella. Combining Model-based and Combinatorial Testing for Effective Test Case Generation. In Proceedings of the 2012 International Symposium on Software Testing and Analysis, ISSTA 2012, pages 100--110, New York, NY, USA, 2012. ACM.

Digital Library

[39]

Jens Palsberg, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, and Yi Zhang. Experience with Software Watermarking. In Proceedings of the 16th Annual Computer Security Applications Conference, ACSAC '00, pages 308--, Washington, DC, USA, 2000. IEEE Computer Society.

Digital Library

[40]

Terence Parr. ANTLR - ANother Tool for Language Recognition. http://www.antlr.org/. Online; accessed at Nov 30, 2012.

[41]

Android Police. {Updated: Amazon Provides Clarifications} Amazon App Store's DRM To Be More Restrictive Than Google's? http://www.androidpolice.com/2011/03/07/amazon-app-stores-drm-to-be-mor%e-restrictive-than-googles/. Online; accessed at Nov 30, 2012.

[42]

Rahul Potharaju, Andrew Newell, Cristina Nita-Rotaru, and Xiangyu Zhang. Plagiarizing Smartphone Applications: Attack Strategies and Defense Techniques. In Proceedings of the 4th International Conference on Engineering Secure Software and Systems, ESSoS'12, pages 106--120, Berlin, Heidelberg, 2012. Springer-Verlag.

Digital Library

[43]

Todd A. Proebsting and Scott A. Watterson. Krakatoa: Decompilation in Java (Does Bytecode Reveal Source?). In In Third USENIX Conference on Object-Oriented Technologies and Systems (COOTS), 1997.

Digital Library

[44]

Google Code Project. Android-apktool - Tool for Reengineering Android apk Files. http://code.google.com/p/android-apktool/. Online; accessed at Nov 30, 2012.

[45]

G. Ramalingam. The Undecidability of Aliasing. ACM Trans. Program. Lang. Syst., 16(5):1467--1471, September 1994.

Digital Library

[46]

Renas Reda. Robotium. http://code.google.com/p/robotium/. Online; accessed at Nov 30, 2012.

[47]

Tommi Takala, Mika Katara, and Julian Harty. Experiences of System-Level Model-Based GUI Testing of an Android Application. In Proceedings of the 4th IEEE International Conference on Software Testing, Verification, and Validation (ICST 2011), pages 377--386, Los Alamitos, CA, USA, March 2011. IEEE Computer Society.

Digital Library

[48]

Arxan Technologies. State of Security in the App Economy: Mobile Apps Under Attack. http://www.arxan.com/assets/1/7/state-of-security-app-economy.pdf, 2012.

[49]

Paul R. Wilson, Mark S. Johnstone, Michael Neely, and David Boles. Dynamic Storage Allocation: A Survey and Critical Review. In Proceedings of the International Workshop on Memory Management, IWMM '95, pages 1--116, London, UK, UK, 1995. Springer-Verlag.

Digital Library

[50]

Rubin Xu, Hassen Saıdi, and Ross Anderson. Aurasium: Practical Policy Enforcement for Android Applications. In Proceedings of the 21st USENIX Conference on Security Symposium, Security'12, pages 27--27, Berkeley, CA, USA, 2012. USENIX Association.

Digital Library

[51]

Min Zheng, Patrick P.C. Lee, and John C.S. Lui. ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-Virus Systems . In Proceedings of the 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, 2012.

Digital Library

[52]

Wu Zhou, Yajin Zhou, Michael Grace, Xuxian Jiang, and Shihong Zou. Fast, Scalable Detection of Piggybacked Mobile Applications. In Proceedings of the 3nd ACM Conference on Data and Application Security and Privacy, CODASPY '13, February 2013.

Digital Library

[53]

Wu Zhou, Yajin Zhou, Xuxian Jiang, and Peng Ning. DroidMOSS: Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces. In Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy, CODASPY '12, February 2012.

Digital Library

[54]

Yajin Zhou and Xuxian Jiang. Dissecting Android Malware: Characterization and Evolution. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, Oakland 2012, May 2012.

Digital Library

Cited By

Alecci MSamhi JLi LBissyandé TKlein J(2024)Improving Logic Bomb Identification in Android Apps via Context-Aware Anomaly DetectionIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3358979(1-18)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3358979
Inshi SElarbi MChowdhury ROuld-Slimane HTalhi C(2022)CAPEF: Context-Aware Policy Enforcement Framework for Android ApplicationsJournal of Engineering Research and Sciences10.55708/js02010022:1(13-23)Online publication date: Jan-2022
https://doi.org/10.55708/js0201002
Samhi JLi LBissyandé TKlein JDwyer MDamian DZeller A(2022)DifuzerProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3510135(723-735)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510003.3510135
Show More Cited By

Index Terms

AppInk: watermarking android apps for repackaging deterrence
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Fast, scalable detection of "Piggybacked" mobile applications
CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

Mobile applications (or apps) are rapidly growing in number and variety. These apps provide useful features, but also bring certain privacy and security risks. For example, malicious authors may attach destructive payloads to legitimate apps to create ...
Droidmarking: resilient software watermarking for impeding android application repackaging
ASE '14: Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering

Software plagiarism in Android markets (app repackaging) is raising serious concerns about the health of the Android ecosystem. Existing app repackaging detection techniques fall short in detection efficiency and in resilience to circumventing attacks; ...
VirtualSwindle: an automated attack against in-app billing on android
ASIA CCS '14: Proceedings of the 9th ACM symposium on Information, computer and communications security

Since its introduction, Android's in-app billing service has quickly gained popularity. The in-app billing service allows users to pay for options, services, subscriptions, and virtual goods from within mobile apps themselves. In-app billing is ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

May 2013

574 pages

ISBN:9781450317672

DOI:10.1145/2484313

General Chairs:
Kefei Chen
Shanghai Jiao Tong University, China
,
Qi Xie
Hangzhou Normal University, China
,
Weidong Qiu
Shanghai Jiao Tong University, China
,
Program Chairs:
Ninghui Li
Purdue University, USA
,
Wen-Guey Tzeng
National Chiao Tung University, Taiwan

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 May 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ASIA CCS '13

Sponsor:

SIGSAC

ASIA CCS '13: 8th ACM Symposium on Information, Computer and Communications Security

May 8 - 10, 2013

Hangzhou, China

Acceptance Rates

ASIA CCS '13 Paper Acceptance Rate 35 of 216 submissions, 16%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

63
Total Citations
View Citations
858
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)1

Reflects downloads up to 02 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Alecci MSamhi JLi LBissyandé TKlein J(2024)Improving Logic Bomb Identification in Android Apps via Context-Aware Anomaly DetectionIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3358979(1-18)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3358979
Inshi SElarbi MChowdhury ROuld-Slimane HTalhi C(2022)CAPEF: Context-Aware Policy Enforcement Framework for Android ApplicationsJournal of Engineering Research and Sciences10.55708/js02010022:1(13-23)Online publication date: Jan-2022
https://doi.org/10.55708/js0201002
Samhi JLi LBissyandé TKlein JDwyer MDamian DZeller A(2022)DifuzerProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3510135(723-735)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510003.3510135
Ma JSun QXu CTao X(2022)GridDroid—An Effective and Efficient Approach for Android Repackaging Detection Based on Runtime Graphical User InterfaceJournal of Computer Science and Technology10.1007/s11390-021-1659-337:1(147-181)Online publication date: 31-Jan-2022
https://doi.org/10.1007/s11390-021-1659-3
Li LBissyande TKlein J(2021)Rebooting Research on Detecting Repackaged Android Apps: Literature Review and BenchmarkIEEE Transactions on Software Engineering10.1109/TSE.2019.290167947:4(676-693)Online publication date: 1-Apr-2021
https://doi.org/10.1109/TSE.2019.2901679
Zeng QLuo LQian ZDu XLi ZHuang CFarkas C(2021)Resilient User-Side Android Application Repackaging and Tampering Detection Using Cryptographically Obfuscated Logic BombsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2019.295778718:6(2582-2600)Online publication date: 1-Nov-2021
https://doi.org/10.1109/TDSC.2019.2957787
Alshehri M(2021)APP-NTS: a network traffic similarity-based framework for repacked Android apps detectionJournal of Ambient Intelligence and Humanized Computing10.1007/s12652-021-03023-013:3(1537-1546)Online publication date: 10-Mar-2021
https://doi.org/10.1007/s12652-021-03023-0
Gao JLi LKong PBissyandé TKlein JDevanbu PCohen MZimmermann T(2020)Borrowing your enemy’s arrows: the case of code reuse in Android via direct inter-app code invocationProceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3368089.3409745(939-951)Online publication date: 8-Nov-2020
https://dl.acm.org/doi/10.1145/3368089.3409745
Zhang WWang HHe HLiu P(2020)DAMBA: Detecting Android Malware by ORGB AnalysisIEEE Transactions on Reliability10.1109/TR.2019.292467769:1(55-69)Online publication date: Mar-2020
https://doi.org/10.1109/TR.2019.2924677
Shrivastava GKumar POjha RSrivastava PMohan SSrivastava G(2020)Defensive Modeling of Fake News Through Online Social NetworksIEEE Transactions on Computational Social Systems10.1109/TCSS.2020.30141357:5(1159-1167)Online publication date: Oct-2020
https://doi.org/10.1109/TCSS.2020.3014135
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents