CodeMatch: obfuscation won't conceal your repackaged app

Glanz, Leonid; Amann, Sven; Eichberg, Michael; Reif, Michael; Hermann, Ben; Lerch, Johannes; Mezini, Mira

doi:10.1145/3106237.3106305

Cited by 40 publications

(28 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A number of works detail different obfuscation techniques in general [6,12,13,52], for the Java programming language [10,30,46], and for Android apps in particular [22,25,44]. Other work relating to obfuscation in Android apps has focused on reversing the effects of obfuscation [5,49] or on detecting certain features of an app despite obfuscation, like code reuse [26,28,34,53], the detection of repacked malware [23,24,35,47], or identification of third-party libraries [2,38].…”

Section: Related Workmentioning

confidence: 99%

“…These markets have enabled the quick and simple distribution of new software, but they have also enabled numerous studies of application security [17][18][19], and provided mechanisms to identify malware on devices before or after infection [9,37]. Much of this research depends on automated and or manual software analysis techniques, and these techniques face challenges in the presence of software obfuscation [14,26,28,34,53], software transformations designed to frustrate automatic or manual analysis.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Large Scale Investigation of Obfuscation Use in Google Play

Wermke

Huaman

Acar

et al. 2018

Proceedings of the 34th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Android applications are frequently plagiarized or repackaged, and software obfuscation is a recommended protection against these practices. However, there is very little data on the overall rates of app obfuscation, the techniques used, or factors that lead to developers to choose to obfuscate their apps. In this paper, we present the first comprehensive analysis of the use of and challenges to software obfuscation in Android applications. We analyzed 1.7 million free Android apps from Google Play to detect various obfuscation techniques, finding that only 24.92% of apps are obfuscated by the developer. To better understand this rate of obfuscation, we surveyed 308 Google Play developers about their experiences and attitudes about obfuscation. We found that while developers feel that apps in general are at risk of plagiarism, they do not fear theft of their own apps. Developers also self-report difficulties applying obfuscation for their own apps. To better understand this, we conducted a follow-up study where the vast majority of 70 participants failed to obfuscate a realistic sample app even while many mistakenly believed they had been successful. Our findings show that more work is needed to make obfuscation tools more usable, to educate developers on the risk of their apps being reverse engineered, their intellectual property stolen, their apps being repackaged and redistributed as malware and to improve the health of the overall Android ecosystem.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Large Scale Investigation of Obfuscation Use in Google Play

Wermke

Huaman

Acar

et al. 2018

Proceedings of the 34th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

show abstract

“…Finally, we investigate how the accuracy of repackaged [19] (10000,100000) DR-Droid2 [20] (1000,10000) DAPASA [21] (10000,100000) FUIDroid [22] (10000,100000) APPraiser [23] (1000000, ∞) RepDroid [24] (100,1000) SimiDroid [25] (1000,10000) GroupDroid [26] (1000,10000) CLANdroid [27] (10000,100000) DR-Droid [28] (1000,10000) DroidClone [29] (100,1000) FSquaDRA2 [30] (1000,10000) Li et al [31] α (1000000, ∞) Niu et al [32] -RepDetector [33] (1000,10000) SUIDroid [34] (100000,1000000) Kim et al [35] (100,1000) AndroidSOO [36] (10000,100000) AndroSimilar2 [37] (10000,100000) Chen et al [38] (1000,10000) DroidEagle [39] (1000000, ∞) ImageStruct [40] (10000,100000) MassVet [41] (1000000, ∞) PICARD [42] (0,100) Soh et al [43] (100,1000) Wu et al [44] (1000,10000) WuKong [45] (100000,1000000) AnDarwin2 [46] (100000,1000000) AndRadar [47] (100000,1000000) Chen et al [48] (10000,100000) DIVILAR [49] (0,100) DroidKin [50] (1000,10000) DroidLegacy [51] (1000,10000) DroidMarking [9] (100,1000) DroidSim [52] (100,1000) FSquaDRA [53] (10000,100000) Kywe et al [54] (10000,100000) Linares-Vásquez et al [55] α (10000,100000) PlayDrone [56] α (1000000, ∞) ResDroid [57] (1000...…”

Section: Review Of Evaluation Setups and Artefactsmentioning

confidence: 99%

Rebooting Research on Detecting Repackaged Android Apps: Literature Review and Benchmark

Bissyandé

Klein

2021

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Repackaging is a serious threat to the Android ecosystem as it deprives app developers of their benefits, contributes to spreading malware on users' devices, and increases the workload of market maintainers. In the space of six years, the research around this specific issue has produced 57 approaches which do not readily scale to millions of apps or are only evaluated on private datasets without, in general, tool support available to the community. Through a systematic literature review of the subject, we argue that the research is slowing down, where many state-of-the-art approaches have reported high-performance rates on closed datasets, which are unfortunately difficult to replicate and to compare against. In this work, we propose to reboot the research in repackaged app detection by providing a literature review that summarises the challenges and current solutions for detecting repackaged apps and by providing a large dataset that supports replications of existing solutions and implications of new research directions. We hope that these contributions will re-activate the direction of detecting repackaged apps and spark innovative approaches going beyond the current state-of-the-art.

show abstract

“…The third kind leverages lib detection methods. CodeMatch [31] filters out libraries used in apps then compares the hash of their remnant. Wukong [32] detects repackage apps in two steps, but that it processes the second step by using a counting-based code clone detection approach, instead of hash.…”

Section: Related Workmentioning

confidence: 99%

A Large-Scale Empirical Study on Industrial Fake Apps

Tang

Chen

Fan

et al. 2019

2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)

View full text Add to dashboard Cite

While there have been various studies towards Android apps and their development, there is limited discussion of the broader class of apps that fall in the fake area. Fake apps and their development are distinct from official apps and belong to the mobile underground industry. Due to the lack of knowledge of the mobile underground industry, fake apps, their ecosystem and nature still remain in mystery.To fill the blank, we conduct the first systematic and comprehensive empirical study on a large-scale set of fake apps. Over 150,000 samples related to the top 50 popular apps are collected for extensive measurement. In this paper, we present discoveries from three different perspectives, namely fake sample characteristics, quantitative study on fake samples and fake authors' developing trend. Moreover, valuable domain knowledge, like fake apps' naming tendency and fake developers' evasive strategies, is then presented and confirmed with case studies, demonstrating a clear vision of fake apps and their ecosystem.

show abstract

CodeMatch: obfuscation won't conceal your repackaged app

Cited by 40 publications

References 25 publications

A Large Scale Investigation of Obfuscation Use in Google Play

A Large Scale Investigation of Obfuscation Use in Google Play

Rebooting Research on Detecting Repackaged Android Apps: Literature Review and Benchmark

A Large-Scale Empirical Study on Industrial Fake Apps

Contact Info

Product

Resources

About