An Accurate And Efficient Two-Phase Scheme For Detecting Android Cloned Applications

The fast-growing Android application market has attracted more and more application developers. However, many plagiarists use decompiled tools to modify original applications to get clones, which has become a serious threat. For detecting cloned applications, most of the existing schemes do not consider the detected accuracy and time consumption at the same time. In this article, we proposea two-phase detection scheme to achieve fast and accurate clone detection in large-scale applications. In the rapid screening phase, a fix-length minhash summary is constructed for each application and the locality-sensitive hashing (LSH) algorithm is used to obtain suspicious cloned applications quickly. In the accurate detection phase, by merging and pruning the layout and interaction information of all user interfaces (UIs) at the application runtime, we obtain the birthmark named merged layout tree (MLT), which can resist nested obfuscation and repacking attack. Finally, cloned apps are detected by calculating the similarity between MLTs from suspicious cloned apps. We evaluate our detection scheme in two app datasets (nearly 170,000 Android applications) and compare it with the state-of-the-art clone detection methods. Extensive experiments show that our method has high accuracy and efficiency for clone detection in large-scale apps.