RegionDroid: A Tool for Detecting Android Application Repackaging Based on Runtime UI Region Features
2018 IEEE International Conference on Software Maintenance and Evolution (ICSME)(2018)
摘要
With the rapid development of mobile devices, Android applications (apps) are universally used. However, attackers repackage Android apps and release them to the markets for illegal purposes, which brings great threats to the Android ecosystem. To leverage the popularity of original apps, they keep similar software behaviors to confuse app users. Furthermore, repackaged apps can be obfuscated or encrypted to avoid being detected. Besides, hybrid mobile apps, built by combining web technology and native elements, are becoming a preferred choice for developers. The structure of hybrid apps differs a lot from that of native apps which would raise great challenges to repackaging detection. Existing works still have some limitations in detecting repackaging from obfuscated and encrypted apps. Besides, few of them can deal with hybrid apps. In this paper, we proposed an approach based on the app UI regions extracted from app's runtime UI traces. We also implement a tool named RegionDroid based on the approach. We apply RegionDroid to tree datasets with totally 369 apps. It successfully finds all the 98 obfuscated or encrypted repackaged pairs in dataset S
1
. It also shows good credibility in distinguishing another 114 commercial apps in dataset S
2
. We also test our approach in dataset S
3
with 157 hybrid apps by comparing them pairwisely and the false positive rate is 0.016%.
更多查看译文
关键词
Android application,Repackaging detection,User interface,Obfuscation resilient,Hybrid application
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络