The Research And Implementation Of Dynamic Software Watermarking Technology For Android Applications

With the unprecedented adoption of smart phones in consumer and enterprise users, a large number of mobile applications (apps) have been developed and installed to extend the capability and horizon of mobile devices.At the same time, the wild proliferation of mobile apps has introduced serious risks to the stakeholders in the ecosystem. Particularly,app repackaging has been considered as a major threat to both app developers and end users.Through app repackaging, malicious users can breach the revenue stream and intellectual property of original app authors, and plant malicious backdoors or payloads to infect unsuspecting mobile users.Facing the widespread propagation of the app repackaging threat,effective security defenses are seriously lagging behind.Android package obfuscation tools such as Proguard and DexGuard have been provided by Google and other companies to confuse attackers when they are in the process of repackaging an app. However obfuscation can only increase the difficulty of reverse engineering Android apps, and cannot stop determined attackers from achieving their purposes through manual analysis, laborious experiments, and strong persistence.The current industrial practices are either too weak to deter determined attackers from conducting repackaging attacks, or too complex to be deployed properly.Recently, researchers have begun to tackle this problem, but most of the proposed solutions so far focus on feasible mechanisms to detect repackaged apps after their propagation. Current techniques try to detect similar apps in Android markets. Some use graph-based approaches, and some use hash-based approaches. However, the detection rate could be lowered by obfuscation techniques. Obfuscation transforms the control flow and data flow, which makes it hard for current approaches to detect repackaged apps.When facing the low-cost of repackaging and high-cost of identifying repackaged apps, we need an effective and efficient approach to identify the illegal repackaged apps, which can not only protect the ownership of original authors but also bring the safeness of users.Android markets will also benefit from this.Embedding watermarks in Android apps could potentially solve this problem. The embedded watermark can be used to identify the owner of apps. By extracting watennarks from apps and comparing them, we can identify the repackaged pairs.Static watermarking embeds the watermark into the code or data of a package and extracts the watermark without executing the code; dynamic watermarking embeds the watermark into the execution state of the target software, and extracts the waterrmark during runtime. Typically, dynamic watermarking has a stronger resistance against these attacks than static watermarking, and it is used in our approach to embed and verify the ownership of a specific Android apk.Software watermarking has been studied extensively to defend against the piracy of desktop software. Since the processes of mobile app repackaging and desktop software piracy are similar, we believe that software watennarking can be a promising technique in deterring app repackaging. But there are some problems with watermark in Android applications.The current research about the application of Android software watermarking is rare, and the existing protection scheme for Android applications is mainly embedding in source code or dex file, but in real life, the developers only offer Android apk file.Because of the limitations and problems of the above software watermarking technology, this paper proposes and develops a dynamic watermarking scheme based on Smali code. There are some improvements in this paper.In this paper,we choose Smali code as the carrier of watermark embedding, which not only does not need to provide source code, but also shortens the time of Android application decompile processing and solves the difficult problem of compiling.To reduce human participation, the execution sequence is generated according to the event driven property of Android as the input sequence of dynamic watermark embedding and watermark extraction. It can greatly improve the efficiency of watermark embedding, so that embedded watermark is widely used in Android applications.For Android applications that do not depend on the source code, the watermark can be embedded into the Android application. On the basis of the research of the current watermarking technology, according to the characteristics of APK, this paper proposes a dynamic watermarking scheme for Android application, and makes two improvements on the particularity of Android application.In this paper, we propose the android dynamic watermark scheme based on smali code, and implement a dynamic watermark system for Android apps. Experiments show that the application of the original application and after embedding the watermark in function, increase the space and time of overload only small, has certain robustness and concealment, it is proved that this system can effectively protect the Android application, the application of copyright protection.