Resilient decentralized android application repackaging detection using logic bombs

Qiang Zeng, Lannan Luo, Zhiyun Qian, Xiaojiang Du, Zhoujun Li

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

28 Scopus citations

Abstract

Application repackaging is a severe threat to Android users and the market. Existing countermeasures mostly detect repackaging based on app similarity measurement and rely on a central party to perform detection, which is unscalable and imprecise. We instead consider building the detection capability into apps, such that user devices are used to detect repackaging in a decentralized fashion. The main challenge is how to protect repackaging detection code from attacks. We propose a creative use of logic bombs, which are regularly used in malware, to conquer the challenge. A novel bomb structure is invented and used: the trigger conditions are constructed to exploit the differences between the attacker and users, such that a bomb that lies dormant on the attacker side will be activated on one of the user devices, while the repackaging detection code, which is packed as the bomb payload, is kept inactive until the trigger conditions are satisfied. Moreover, the repackaging detection code is woven into the original app code and gets encrypted; thus, attacks that modify or delete suspicious code will corrupt the app itself. We have implemented a prototype, named BombDroid, that builds the repackaging detection into apps through bytecode instrumentation, and the evaluation shows that the technique is effective, efficient, and resilient to various adversary analyses including symbolic execution, multi-path exploration, and program slicing.

Original language: English
Title of host publication: CGO 2018 - Proceedings of the 2018 International Symposium on Code Generation and Optimization
Pages: 50-61
Number of pages: 12
ISBN (Electronic): 9781450356176
State: Published - 24 Feb 2018
Event: 16th International Symposium on Code Generation and Optimization, CGO 2018 - Vienna, Austria
Duration: 24 Feb 2018 to 28 Feb 2018

Publication series

Name: CGO 2018 - Proceedings of the 2018 International Symposium on Code Generation and Optimization
Volume: 2018-February

Conference

Conference: 16th International Symposium on Code Generation and Optimization, CGO 2018
Country/Territory: Austria
City: Vienna
Period: 24/02/18 to 28/02/18

Keywords

  • Android app repackaging
  • Code obfuscation
