Which Android App Store Can Be Trusted in China?

2014 IEEE 38th Annual Computer Software and Applications Conference Pub Date : 2014-07-21 DOI:10.1109/COMPSAC.2014.95

Yiying Ng, Hucheng Zhou, Zhiyuan Ji, Huan Luo, Yuan Dong

{"title":"Which Android App Store Can Be Trusted in China?","authors":"Yiying Ng, Hucheng Zhou, Zhiyuan Ji, Huan Luo, Yuan Dong","doi":"10.1109/COMPSAC.2014.95","DOIUrl":null,"url":null,"abstract":"China has the world's largest Android population with 270 million active users. However, Google Play is only accessible by about 30% of them, and third-party app stores are thus used by 70% of them for daily Android apps (applications) discovery. The trustworthiness of Android app stores in China is still an open question. In this paper, we present a comprehensive study on the trustworthy level of top popular Android app stores in China, by discovering the identicalness and content differences between the APK files hosted in the app stores and the corresponding official APK files. First, we have selected 25 top apps that have the highest installations in China and have the corresponding official ones downloaded from their official websites as oracle, and have collected total 506 APK files across 21 top popular app stores (20 top third party stores as well as Google Play). Afterwards, APK identical checking and APK difference analysis are conducted against the corresponding official versions. Next, assessment is applied to rank the severity of APK files. All the apps are classified into 3 severity levels, ranging from safe (identical and higher level), warning (lower version or modifications on resource related files) to critical (modifications on permission file and/or application codes). Finally, the severity levels contribute to the final trustworthy ranking score of the 21 stores. The study indicates that about only 26.09% of level APK files are safe, 37.74% of them are at warning level, and 36.17% of them are surprisingly at critical level. We have also found out that 10 (about 2%) APK files are modified and resigned by unknown third-parties. In addition, the average trustworthy ranking score (47.37 over 100) has also highlighted that the trustworthy level of the Android app stores in China is relatively low. In conclusion, we suggest Android users to download APK files from its corresponding official websites or use the highest ranked third-party app stores, and we appeal app stores to ensure all hosting APK files are trustworthy enough to provide a \"safe-to-download\" environment.","PeriodicalId":106871,"journal":{"name":"2014 IEEE 38th Annual Computer Software and Applications Conference","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"33","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 38th Annual Computer Software and Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/COMPSAC.2014.95","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 33

Abstract

China has the world's largest Android population with 270 million active users. However, Google Play is only accessible by about 30% of them, and third-party app stores are thus used by 70% of them for daily Android apps (applications) discovery. The trustworthiness of Android app stores in China is still an open question. In this paper, we present a comprehensive study on the trustworthy level of top popular Android app stores in China, by discovering the identicalness and content differences between the APK files hosted in the app stores and the corresponding official APK files. First, we have selected 25 top apps that have the highest installations in China and have the corresponding official ones downloaded from their official websites as oracle, and have collected total 506 APK files across 21 top popular app stores (20 top third party stores as well as Google Play). Afterwards, APK identical checking and APK difference analysis are conducted against the corresponding official versions. Next, assessment is applied to rank the severity of APK files. All the apps are classified into 3 severity levels, ranging from safe (identical and higher level), warning (lower version or modifications on resource related files) to critical (modifications on permission file and/or application codes). Finally, the severity levels contribute to the final trustworthy ranking score of the 21 stores. The study indicates that about only 26.09% of level APK files are safe, 37.74% of them are at warning level, and 36.17% of them are surprisingly at critical level. We have also found out that 10 (about 2%) APK files are modified and resigned by unknown third-parties. In addition, the average trustworthy ranking score (47.37 over 100) has also highlighted that the trustworthy level of the Android app stores in China is relatively low. In conclusion, we suggest Android users to download APK files from its corresponding official websites or use the highest ranked third-party app stores, and we appeal app stores to ensure all hosting APK files are trustworthy enough to provide a "safe-to-download" environment.

查看原文本刊更多论文

在中国，哪个安卓应用商店值得信任?

中国拥有世界上最多的安卓用户，有2.7亿活跃用户。然而，只有30%的用户访问Google Play, 70%的用户使用第三方应用商店进行日常的Android应用发现。安卓应用商店在中国的可信度仍是一个悬而未决的问题。在本文中，我们通过发现应用商店中托管的APK文件与相应的官方APK文件的一致性和内容差异，对中国最受欢迎的Android应用商店的可信赖程度进行了全面的研究。首先，我们选择了25个在中国安装量最高的应用程序，并在其官方网站下载了相应的官方应用程序，并在21个热门应用程序商店(20个第三方商店和Google Play)中收集了506个APK文件。然后针对相应的正式版本进行APK一致性检查和APK差异分析。接下来，应用评估对APK文件的严重性进行排序。所有的应用程序被分为三个严重级别，从安全(相同和更高级别)，警告(低版本或修改资源相关文件)到严重(修改权限文件和/或应用程序代码)。最后，这些严重程度决定了21家商店的最终可信排名得分。研究表明，只有26.09%的级别APK文件是安全的，37.74%的级别APK文件处于警告级别，36.17%的级别APK文件处于危险级别。我们还发现有10个(约2%)APK文件被未知的第三方修改和退出。此外，平均可信赖排名得分(47.37分)也凸显了中国Android应用商店的可信赖程度相对较低。综上所述，我们建议Android用户从其相应的官方网站下载APK文件或使用排名最高的第三方应用商店，并呼吁应用商店确保所有托管的APK文件足够可信，以提供一个“安全下载”的环境。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2014 IEEE 38th Annual Computer Software and Applications Conference

自引率

0.00%

发文量