Abstract :
As Android applications become increasingly ubiquitous, we need algorithms and tools to protect applications from product tampering and piracy, while facilitating valid product updates. Since it is easy to derive Java source code from Android byte code, Android applications are particularly vulnerable to tampering. This paper presents an algorithm, based on a customized similarity distance, which returns a value between 0 and 1, which can serve as a change indicator. Potential applications of the algorithm include 1) to determine if obfuscators, applied by developers, are protecting their code from piracy, 2) to determine if an Android application is infected with malware, facilitating the automatic extraction of the injected malware, and 3) to identify valid code updates and releases as part of the code release cycle.
Keywords :
Java; computer crime; invasive software; program diagnostics; source coding; Android application; Android bytecode; Java source code; automatic extraction; change indicator; code release cycle; customized similarity distance; injected malware; obfuscator; product piracy; product tampering; static analysis; Algorithm design and analysis; Androids; Clustering algorithms; Compressors; Humanoid robots; Java; Smart phones; Android; Diffing; Similarity; Static Analysis;
