Android Applications Repackaging Detection Techniques for Smartphone Devices

摘要

The problem of malwares affecting Smartphones has been widely recognized by the researchers across the world. Majority of these malwares target Android OS. Studies have found that most of the Android malwares hide inside repackaged apps to get inside user devices. Repackaged apps are usually infected versions of popular apps. Adversaries download a popular Android app, and obtain the code using reverse engineering and then add their code (often malicious) to it and repackage and release the app. A number of techniques proposed in research and a number of commercial anti-virus products focus on detecting malwares. This is the traditional approach and requires a signature database. Zero day threats cannot be caught with such methods. There are many techniques which focus entirely on detecting repackaged apps. Since repackaged apps are in the majority among the infected Android apps, they can save the user from a large percentage of Android malwares. Detection and prevention of repackaging is also beneficial for original developer/publisher as they do not incur harm to revenue or reputation. In this paper? we study in detail about some of the repackaging detection techniques. Mainly, there are two kinds of techniques - offline and online. They serve different purposes. An offline technique cannot be replaced by an online technique and vice versa. Offline techniques are for direct use of app market owner, whereas online techniques are for direct use of Android users. We study different offline and online techniques. These techniques use different features and metrics to detect similarity of apps and they are representatives of their category of techniques.