Detection of repackaged mobile applications through a collaborative approach

摘要

Repackaged applications are based on genuine applications, but they subtlety include some modifications.rnIn particular, trojanized applications are one of the most dangerous threats for smartphones. Malware codernmay be hidden inside applications to access private data or to leak user credit. In this paper, we propose arncontract-based approach to detect such repackaged applications, where a contract specifies the set of legalrnactions that can be performed by an application. Current methods to generate contracts lack informationrnfrom real usage scenarios, thus being inaccurate and too coarse-grained. This may result either in generatingrntoo many false positives or in missing misbehaviors when verifying the compliance between the applicationrnand the contract. In the proposed framework, application contracts are generated dynamically by a centralrnserver merging execution traces collected and shared continuously by collaborative users executing the application.rnMore precisely, quantitative information extracted from execution traces is used to define a contractrndescribing the expected application behavior, which is deployed to the cooperating users. Then, every userrncan use the received contract to check whether the related application is either genuine or repackaged. Suchrna verification is based on an enforcement mechanism that monitors the application execution at run-time andrncompares it against the contract through statistical tests.