An Active Android Application Repacking Detection Approach

Abstract

Repackaging applications as the main carrier of Android malware have caused huge losses to users. In addition, the third-party application market that Android applications rely on is characterized by missing audits and lax supervision, which further encourages the distribution of repackaged applications. Most of the traditional repackaging detection approaches need to rely on a third-party detection platform to passively determine whether or not the Android application is repackaged, which has a high false negative rate. In order to solve the problem, this paper proposes an active detection approach for Android code repacking. The approach embeds code watermarking with the detection code into the appropriate conditional branch code block by means of dynamic loading to achieve the hidden purpose. Then, the active detection approach compares the consistency of the runtime application signature and the original code watermarking signature to realize the code repackaging recognition. Finally, this work takes eight different types of Android applications from Github on three different mobile phones to verify the validity of the approach. Experimental results show that an Android application containing a selfdetecting code watermarking can effectively perform repackaging detection without relying on third parties.