Research Of The Android Repackaged Applications’ Detection Based On The Call Graph

In recent years,the number of Android applications is rapidly growing because of the openness of Android and the superior user experience.At the same time,more and more malicious developers focus on this platform.Malicious developers modify the application in the market,such as changing the ad library,modifying the code,inserting malicious code,etc.Then they repackage the applications and release them to the market to gain benefits.The behavior of repackaging applications not only infringe the legitimate rights of the developers,but also bring a huge security risk to the users.Hence,how to detect the repackaged applications in the market is very important.At present,there are two ways of analyzing applications:static analysis and dynamic analysis.With the popularity of Android,there are more and more applications being heavily repackaged in the third-party application market.In order to solve this problem,we proposed a method of detecting Android repackaged applications based on call graph.The following is the main work of this paper:(1)Through studying and summarizing the existing detection techniques of domestic and foreign,we work out a method of detecting Android repackaged applications based on functioncall graph.At first,we decompile the application to obtain the smali code;then analyze the smali code to generate an app’s function call graph and label the nodes in the graph with the opcodes in the methods;next,remove the third library,such as:ad library,system library,at the same time,save the view related APIs;finally,we use the motifs’ structure model of the subgraph to represent a function call graph,and compare the similarity of subgraph of the function call graph and then determine similar applications.(2)We apply our method on 5500 applications downloaded from Android app markets and 1500 malicious apps.There are 385 heavily repackaged apps in Android market,detection rate is 96.5%.And there exists 672 repackaged apps between the 1500 malicious applications,the repacket rate of 44.8%.The experimental results show that the method has high accuracy and good scalability.