CloneSpot: fast detection of Android repackages Articles uri icon

publication date

  • May 2019

start page

  • 740

end page

  • 748

volume

  • 94

International Standard Serial Number (ISSN)

  • 0167-739X

Electronic International Standard Serial Number (EISSN)

  • 1872-7115

abstract

  • Repackaging of applications is one of the key attack vectors for mobile malware. This is particularly easy and popular in Android Markets, where applications can be downloaded, decompiled, modified and re-uploaded at a very low cost. Detecting clones and victims is often a hard task, especially in markets with several million of applications to analyze, such as Google Play Store. This work proposes CloneSpot, a novel methodology to efficiently detect Repackaged versions of Android apps using Min Hashing techniques applied to applications' meta-data publicly available at Google Play. We validate our approach by analyzing 1.3 Million of applications collected from Google Play in September 2017, from which around 420K are detected as potential repackaged or victim versions of other applications. (C) 2018 Elsevier B.V. All rights reserved.

keywords

  • android malware; repackaging; min-hashing; meta-information