ZTE Communications, 2016, Vol. 14, Issue (3): 60-66. doi: 10.3969/j.issn.1673-5188.2016.03.008

• Research Paper •

An Efficient Scheme of Detecting Repackaged Android Applications

QIN Zhongyuan1, PAN Wanpeng2, XU Ying2, FENG Kerong1, and YANG Zhongyun1   

  1. Southeast University, Nanjing 211100, China;
  2. ZTE Corporation, Xi’an 710144, China
  • Received: 2015-07-24 Online: 2016-08-01 Published: 2019-11-29
  • About author: QIN Zhongyuan (zyqin@seu.edu.cn) received the MS degree in computer science and the PhD degree in communication and information system from Xi’an Jiaotong University, China in 1999 and 2003, respectively. He is currently an associate professor in the School of Information Science and Engineering, Southeast University, China. His research interests include wireless network security and Android security. He has published more than 40 papers in refereed international journals and conference proceedings.
    PAN Wanpeng (pan.wanpeng@zte.com.cn) received his MS degree in network and information security from Northwestern Polytechnical University, China in 2007. He is the chief security director of terminal business division at ZTE Corporation. His research interests include Android security and network security.
    XU Ying (xu.ying6@zte.com.cn) received the BOM degree in Information Management and the MS degree in computer application from Zhengzhou University, China in 2005 and 2010. Now she is working with ZTE. Her research interests focus on software testing.
    FENG Kerong (fengkerong@163.com) received the BE degree in communication engineering from China University of Petroleum in 2013. Now she is pursuing her MS degree at Southeast University, China. Her research interests focus on security in Android.
    YANG Zhongyun (midcloud@foxmail.com) received the MS degree in information security from Southeast University, China in 2014. He is currently a software engineer at CoolPad Corporation. His research interests focus on security in Android.
  • Supported by:
    This work was supported by ZTE Industry-Academia-Research Cooperation Funds

Abstract: The increasing popularity of Android devices has given rise to a large number of feature-rich applications (or apps) in various Android markets. Since adversaries can easily repackage malicious code into benign apps and spread them, it is urgent to detect repackaged apps to maintain healthy Android markets. In this paper we propose an efficient detection scheme based on twice context triggered piecewise hash (T-CTPH), in which the CTPH process is called twice to generate two fingerprints for each app, which are then used to detect repackaged Android applications. We also optimize the similarity calculation algorithm to improve the matching efficiency. Experimental results show that about 5% of the 6438 pre-collected samples, which cover 4 different types, are repackaged apps. The proposed scheme improves the detection accuracy of repackaged apps and has positive and practical significance for the ecosystem of the Android markets.

Key words: Android, repackage, similarity, edit distance
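
As an added illustration of the CTPH fingerprinting and edit-distance matching named in the abstract (not the authors' T-CTPH code), here is a simplified Python sketch. The rolling-sum trigger, the FNV-1a piece hash, the two block sizes 64 and 128 and all sample bytes are assumptions constructed for this example; the page does not say how the paper arranges its two CTPH passes.

```python
import random

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7             # rolling-hash window in bytes (assumed value)
FNV_INIT = 2166136261  # FNV-1a 32-bit offset basis

def ctph(data: bytes, block: int) -> str:
    """One CTPH pass: cut a piece when the rolling hash hits the trigger, emit one char per piece."""
    sig, roll, piece = [], 0, FNV_INIT
    for i, b in enumerate(data):
        roll += b - (data[i - WINDOW] if i >= WINDOW else 0)  # sum of the last WINDOW bytes
        piece = ((piece ^ b) * 16777619) & 0xFFFFFFFF         # FNV-1a over the current piece
        if roll % block == block - 1:                         # context trigger: piece boundary
            sig.append(B64[piece & 63])
            piece = FNV_INIT
    sig.append(B64[piece & 63])                               # trailing piece
    return "".join(sig)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, keeping only two rows of the table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def similarity(a: str, b: str) -> int:
    """Score from 0 to 100, normalised by the longer fingerprint."""
    longest = max(len(a), len(b)) or 1
    return round(100 * (1 - edit_distance(a, b) / longest))

def compare(x: bytes, y: bytes) -> tuple:
    """Two fingerprints per input (block sizes 64 and 128, an assumption), one score per pair."""
    return tuple(similarity(ctph(x, blk), ctph(y, blk)) for blk in (64, 128))

# Constructed sample data: random bytes stand in for an app's code.
rng = random.Random(2016)
original = bytes(rng.randrange(256) for _ in range(8192))
repackaged = original[:4000] + b"EXTRA-CODE-STUB" * 4 + original[4000:]
unrelated = bytes(rng.randrange(256) for _ in range(8192))

if __name__ == "__main__":
    print("original vs repackaged:", compare(original, repackaged))
    print("original vs unrelated: ", compare(original, unrelated))
```

Because piece boundaries depend only on the last few bytes, the fingerprint resynchronises after the inserted region, so the repackaged sample stays close to the original while the unrelated sample does not.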