| With the proliferation of mobile devices,the number of Android applications is increasing rapidly.Currently,Android has occupied the mobile market share of 86.8%.However,application repackaging now is becoming one of the most serious threat to the whole Android ecosystem,as it not only plunders the income of developers but also may invade users' privacy and property security.Recently,researchers have proposed a vari-ety of android app repackaging detection approaches.But more and more plagiarists leverage the code hardening techniques to encrypt and hide the source code files of their repackaged applications to evade the code-based detection.Although few re-source file based methods can handle the packed apps,they are not scalable to detect repackaged app in such a large-scale scenario because of the high time complexity and weak robustness.Considering these drawbacks in previous detection methods,this paper proposed a novel app repackaging detection method.The core work is to build a hardening-resilient and light-weight application birthmark.By extracting the user interface feature to con-struct application birthmark,it can effectively resist the effect of code reinforcement.In order to achieve accuracy and scalability in real-world large-scale scenario sim-ultaneously,this paper presented a complete performance improvement strategy.To achieve scalability,a rule-based pre-filter is used to reduce the number of invalid com-parisons between apps.And to improve the accuracy of detection,a statistical-based filtering approach-LayoutList is used to filter the files that included by third-party libraries.LayoutList can effectively determine third-party libraries without any prior knowledge.The experiment result shows that after filtering third-party libraries,the false negative rate is 2.0%and the false positive rate is only 0.04%.Based on above methods,this paper implemented a prototype system,LMDroid.We evaluated the robustness of LMDroid to current mainstream commercial app hard-ening technologies,and tested the performance of LMDroid on more than 50,000 real?world apps,which are crawled from five different Android markets.The evaluation re-sults show that LMDroid can effectively detect the packed repackaged app and achieve great performance in real-world large-scale scenario... |
PDF Full Text Request