| In recent years, Android application stores have witnessed incredible popularity. However, they are also confronted with non-effective supervision. Because it is not hard to reverse the Dalvik bytecode used in the Dalvik virtual machine, Android application repackaging has become a serious problem. With repackaging, a plagiarist can simply steal others’ code, repackage others’ apps under their own names or embed different advertisements, and then republish them to an app store to earn monetary profit. More seriously, after repackaging, popular apps can become the carriers of malware for wide spreading. It is a serious threat to the vital interests of user, and the security of Mobile platform. It is thus very important for the research of Android applications repackaging detection methods.The main goal of this thesis is to study Android applications repackaging detection methods based on static analysis. We have developed a system that detects repackaged apps based on static analysis. In this system, we focus on reverse engineering and the characteristics of application.This thesis makes the following contributions:First, we design a static analysis detection method which uses digital signature, permission and Dalvik executable file as the characteristic values. Second, we implement an app similarity measurement system which is based on our method. Third, we solved the problem of the high rate of false positives. Finally, we employed fuzzy hashing technique to detect the changes from Dalvik executable file.According to the detection methods described in this thesis, the false positive rate is below5%for detection of those repackaged samples we have produced. Our system also has reached a satisfactory result for the detection of applications coming from the Internet. The focus of our paper is to study the Android applications repackaging detection methods based on static analysis. |
PDF Full Text Request