You can’t touch this: Consumer-centric android application repackaging detection

Iakovos Gurulian; Konstantinos Markantonakis; Lorenzo Cavallaro; Keith Mayes

doi:10.1016/j.future.2016.05.021

You can’t touch this: Consumer-centric android application repackaging detection

Iakovos Gurulian, Konstantinos Markantonakis, Lorenzo Cavallaro, Keith Mayes

Research output: Contribution to journal › Article › peer-review

143 Downloads (Pure)

Abstract

Application repackaging is a widely used method for malware distribution, revenue stealing and piracy. Repackaged applications are modified versions of original applications, that can potentially target large audiences based on the original application's popularity. In this paper, we propose an approach for detecting repackaged applications. Our approach takes advantage of the attacker's reluctance to significantly alter the elements that characterise an application without notably impacting the application's distribution. These elements include the application's name and icon. The detection is initiated from the client side, prior to an application's installation, making it application store agnostic. Our experimental results show that detection based on our algorithm is effective and efficient.

Original language	English
Pages (from-to)	1-9
Number of pages	9
Journal	Future Generation Computer Systems
Volume	65
Early online date	30 May 2016
DOIs	https://doi.org/10.1016/j.future.2016.05.021 https://doi.org/10.1016/j.future.2017.11.011
Publication status	Published - Dec 2016

Access to Document

Accepted ManuscriptAccepted author manuscript, 1.05 MBLicence: CC BY-NC-ND

http://www.sciencedirect.com/science/article/pii/S0167739X16301327

Cite this

@article{faa3c97c9de843beaf347db67eabdf94,

title = "You can{\textquoteright}t touch this: Consumer-centric android application repackaging detection",

abstract = "Application repackaging is a widely used method for malware distribution, revenue stealing and piracy. Repackaged applications are modified versions of original applications, that can potentially target large audiences based on the original application's popularity. In this paper, we propose an approach for detecting repackaged applications. Our approach takes advantage of the attacker's reluctance to significantly alter the elements that characterise an application without notably impacting the application's distribution. These elements include the application's name and icon. The detection is initiated from the client side, prior to an application's installation, making it application store agnostic. Our experimental results show that detection based on our algorithm is effective and efficient.",

author = "Iakovos Gurulian and Konstantinos Markantonakis and Lorenzo Cavallaro and Keith Mayes",

year = "2016",

month = dec,

doi = "10.1016/j.future.2016.05.021",

language = "English",

volume = "65",

pages = "1--9",

journal = "Future Generation Computer Systems",

publisher = "Elsevier",

}

TY - JOUR

T1 - You can’t touch this

T2 - Consumer-centric android application repackaging detection

AU - Gurulian, Iakovos

AU - Markantonakis, Konstantinos

AU - Cavallaro, Lorenzo

AU - Mayes, Keith

PY - 2016/12

Y1 - 2016/12

N2 - Application repackaging is a widely used method for malware distribution, revenue stealing and piracy. Repackaged applications are modified versions of original applications, that can potentially target large audiences based on the original application's popularity. In this paper, we propose an approach for detecting repackaged applications. Our approach takes advantage of the attacker's reluctance to significantly alter the elements that characterise an application without notably impacting the application's distribution. These elements include the application's name and icon. The detection is initiated from the client side, prior to an application's installation, making it application store agnostic. Our experimental results show that detection based on our algorithm is effective and efficient.

AB - Application repackaging is a widely used method for malware distribution, revenue stealing and piracy. Repackaged applications are modified versions of original applications, that can potentially target large audiences based on the original application's popularity. In this paper, we propose an approach for detecting repackaged applications. Our approach takes advantage of the attacker's reluctance to significantly alter the elements that characterise an application without notably impacting the application's distribution. These elements include the application's name and icon. The detection is initiated from the client side, prior to an application's installation, making it application store agnostic. Our experimental results show that detection based on our algorithm is effective and efficient.

U2 - 10.1016/j.future.2016.05.021

DO - 10.1016/j.future.2016.05.021

M3 - Article

VL - 65

SP - 1

EP - 9

JO - Future Generation Computer Systems

JF - Future Generation Computer Systems

ER -