You can’t touch this: Consumer-centric android application repackaging detection

• Published in: Future generation computer systems Vol. 65; pp. 1 - 9
• Main Authors: Gurulian, Iakovos, Markantonakis, Konstantinos, Cavallaro, Lorenzo, Mayes, Keith
• Format: Journal Article
• Language: English
• Published: Elsevier B.V 01.12.2016
• Subjects: Android; Application repackaging; Effectiveness analysis; Electronic fraud; User privacy; User-centric security; Effectiveness analysis; User privacy; Application repackaging; User-centric security; Electronic fraud; Android
• ISSN: 0167-739X; 1872-7115
• DOI: 10.1016/j.future.2016.05.021

Application repackaging is a widely used method for malware distribution, revenue stealing and piracy. Repackaged applications are modified versions of original applications, that can potentially target large audiences based on the original application’s popularity. In this paper, we propose an approach for detecting repackaged applications. Our approach takes advantage of the attacker’s reluctance to significantly alter the elements that characterise an application without notably impacting the application’s distribution. These elements include the application’s name and icon. The detection is initiated from the client side, prior to an application’s installation, making it application store agnostic. Our experimental results show that detection based on our algorithm is effective and efficient. •We propose an application store agnostic repackaging detection method.•Detection based on elements that an attacker is reluctant to significantly alter.•91% detection rate on real repackaged applications.•Detection of repackaged applications that clone original application’s name and icon.•Detection of repackaged applications that only clone the application name and icon.