Detecting repackaged smartphone applications in third-party android marketplaces

Zhou, Wu; Zhou, Yajin; Jiang, Xuxian; Ning, Peng

doi:10.1145/2133601.2133640

Cited by 483 publications

(338 citation statements)

References 10 publications

Supporting

Mentioning

330

Contrasting

Unclassified

Order By: Relevance

“…DroidMoss [16] is another approach dealing with the similarity detection issue in using opcode. Firstly, all opcodes are extracted from applications and then a piecewise hashing is computed to compare applications.…”

Section: Related Workmentioning

confidence: 99%

Using opcode-sequences to detect malicious Android applications

Jérôme

Allix

State

et al. 2014

2014 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

Abstract-Recently, the Android platform has seen its number of malicious applications increased sharply. Motivated by the easy application submission process and the number of alternative market places for distributing Android applications, rogue authors are developing constantly new malicious programs. While current anti-virus software mainly relies on signature detection, the issue of alternative malware detection has to be addressed. In this paper, we present a feature based detection mechanism relying on opcode-sequences combined with machine learning techniques. We assess our tool on both a reference dataset known as Genome Project as well as on a wider sample of 40,000 applications retrieved from the Google Play Store.

show abstract

Section: Related Workmentioning

confidence: 99%

Using opcode-sequences to detect malicious Android applications

Jérôme

Allix

State

et al. 2014

2014 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

show abstract

“…This is problematic because app similarity detection tools should not consider library code when analyzing apps for similarity. Prior approaches [16,33] identified libraries using white lists and manual efforts; however, these approaches are inherently not scalable and prone to omission. In contrast, AnDarwin automatically detects libraries by leveraging the results of its clustering of similar code (Section 4.2).…”

Section: Excluding Library Codementioning

confidence: 99%

“…DEXCD [18] detects Android clones by comparing similarities in streams of tokens from Android DEX files. DroidMOSS [33] computes a series of fingerprints for each app based on the fuzzy hashes of consecutive opcodes, ignoring operands. Apps are then compared pairwise for repackaging by calculating the edit distance between the overall fingerprint of each app.…”

Section: Related Workmentioning

confidence: 99%

“…There are several ways developers may lose potential revenue: a paid app may be "cracked" and released for free or a free app may be copied, or "cloned", and re-released with changes to the ad libraries that cause ad revenue to go to the plagiarist [21]. App cloning has been widely reported by developers, smart phone security companies and the academic community [8,10,11,16,22,34,33]. Unfortunately, the openness of Android markets and the ease of repackaging apps contribute to the ability of plagiarists to clone apps and resubmit them to markets.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

AnDarwin: Scalable Detection of Semantically Similar Android Applications

Crussell

Gibler

Chen

2013

Lecture Notes in Computer Science

112

View full text Add to dashboard Cite

Abstract. The popularity and utility of smartphones rely on their vibrant application markets; however, plagiarism threatens the long-term health of these markets. We present a scalable approach to detecting similar Android apps based on their semantic information. We implement our approach in a tool called AnDarwin and evaluate it on 265,359 apps collected from 17 markets including Google Play and numerous thirdparty markets. In contrast to earlier approaches, AnDarwin has four advantages: it avoids comparing apps pairwise, thus greatly improving its scalability; it analyzes only the app code and does not rely on other information -such as the app's market, signature, or descriptionthus greatly increasing its reliability; it can detect both full and partial app similarity; and it can automatically detect library code and remove it from the similarity analysis. We present two use cases for AnDarwin: finding similar apps by different developers ("clones") and similar apps from the same developer ("rebranded"). In ten hours, AnDarwin detected at least 4,295 apps that have been the victims of cloning and 36,106 apps that are rebranded. By analyzing the clusters found by AnDarwin, we found 88 new variants of malware and identified 169 malicious apps based on differences in the requested permissions. Our evaluation demonstrates AnDarwin's ability to accurately detect similar apps on a large scale.

show abstract

“…Disguising as a normal application, it leaks personal or financial information of users by causing damages often [9], [14], [15]. And Update attack is a method that installs a malicious app when a user downloads an update.…”

Section: A Characteristics Of Malicious Android Applicationsmentioning

confidence: 99%

Detection of Malicious Android Mobile Applications Based on Aggregated System Call Events

Ham¹,

Lee²

2014

IJCCE

View full text Add to dashboard Cite

Abstract-The diverse types of mobile applications are used regardless of time and place, as a number of Android mobile device users have been recently increased. However, the breach of privacy through illegal leakage of personal information and financial information inside mobile devices has occurred without users' notices, as the malicious mobile application is relatively increasing In order to reduce the damage caused by the malicious Android applications, the efficient detection mechanism should be developed to determine normal and malicious apps correctly. In this paper, we aggregated real-time system call events activated from malware samples distributed by Android Malware Genome Project. After extracting the basic difference feature and characteristics of system call events pattern from each normal and malicious applications, we can determine whether any given anonymous mobile application is malicious or normal one.

show abstract

Detecting repackaged smartphone applications in third-party android marketplaces

Cited by 483 publications

References 10 publications

Using opcode-sequences to detect malicious Android applications

Using opcode-sequences to detect malicious Android applications

AnDarwin: Scalable Detection of Semantically Similar Android Applications

Detection of Malicious Android Mobile Applications Based on Aggregated System Call Events

Contact Info

Product

Resources

About