Android: Static Analysis Using Similarity Distance

Abstract

As Android applications become increasingly ubiquitous, we need algorithms and tools to protect applications from product tampering and piracy, while facilitating valid product updates. Since it is easy to derive Java source code from Android byte code, Android applications are particularly vulnerable to tampering. This paper presents an algorithm, based on a customized similarity distance, which returns a value between 0 and 1, which can serve as a change indicator. Potential applications of the algorithm include 1) to determine if obfuscators, applied by developers, are protecting their code from piracy, 2) to determine if an Android application is infected with malware, facilitating the automatic extraction of the injected malware, and 3) to identify valid code updates and releases as part of the code release cycle.