Android Reverse Engineering Of Graphical User Interfaces And Its Applications

With the rapid development of Internet technology, the mobile terminal market is also booming, some new mobile terminal operating systems rise rapidly. Android operating system due to its open source, become a mobile terminal operating system occupies the largest market share in just a few years, around the Android operating system also appeared a variety of third party Android app store market, and 80% applications users downloaded come from third party application store market, these users have no clear objective and professional knowledge, they did not think highly of the applications’safety, makes it easy for users to download these applications called repackaged applications which repackage legal applications and make them looks like the same ones. These applications pose a serious threat to the user experience and mobile phone security, have aroused the concern of many researchers.At the same time, Android applications are user interaction intensive applications, UI is the only interface to the user to interact with the device, its operation simple, smooth and comfortable degree and interaction of humanized play an important role on the success of the product, so UI becomes essential part of Android application, and its UI information can also reflect functions of the application and so on, these make the study about Android UI great significant.This article designs a UI modeling method based on attribute graph by the technology of reverse and program analysis theory for applications on Android, and applies in malware Repackaged detection of applications and evaluate resemblance of application families. This method depicts Widgets consisted in UI and relationships between Uis. In Android applications, Activity is the only components that users can see and interact with, it define and display UI Widgets, such as buttons, text boxes, etc., there are many different Activities in most applications, Activities can be switched to accomplish different tasks under certain conditions. According to this, abstract the Activity as the node of Attribute UI graph, the node attributes are the numbers of different UI Widgets and the attribute of their sub-components in corresponding Activity class, the directed edges are used to characterize the different UI unit (Activity) Switching relations, the whole method no longer use APIs, which can effectively overcome some shortcomings due to rely on APIs.On the basis of the characteristic that Repackaged applications are similar on UI and the characteristics that functions and appearances are highly similar between the members of families, applied this method to detect malware Repackaged applications and evaluate resemblance of application families. According to UI modeling 8745 Android applications, the success rate of UI model is 94.74%, detected 2231(26.13%) Repackaged applications, which have same UI are about 50.0% of malicious ones. For UI similarity evaluation on 497 families, there are more than 80% of the similarity on UI between members of 90% families. The result shows that the UI modeling method helps develop more comprehensive application to detect Repackaged applications include malicious ones, and help to study evaluation of families in mobile applications.