Skip to main content
SpringerLink
Log in

Juxtapp: A Scalable System for Detecting Code Reuse among Android Applications

  • Conference paper
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7591))

Abstract

Mobile application markets such as the Android Marketplace provide a centralized showcase of applications that end users can purchase or download for free onto their mobile phones. Despite the influx of applications to the markets, applications are cursorily reviewed by marketplace maintainers due to the vast number of submissions. User policing and reporting is the primary method to detect misbehaving applications. This reactive approach to application security, especially when programs can contain bugs, malware, or pirated (inauthentic) code, puts too much responsibility on the end users. In light of this, we propose Juxtapp, a scalable infrastructure for code similarity analysis among Android applications. Juxtapp provides a key solution to a number of problems in Android security, including determining if apps contain copies of buggy code, have significant code reuse that indicates piracy, or are instances of known malware. We evaluate our system using more than 58,000 Android applications and demonstrate that our system scales well and is effective. Our results show that Juxtapp is able to detect: 1) 463 applications with confirmed buggy code reuse that can lead to serious vulnerabilities in real-world apps, 2) 34 instances of known malware and variants (13 distinct variants of the GoldDream malware), and 3) pirated variants of a popular paid game.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 72.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Anzhi android market, http://www.anzhi.com/

  2. Contagio malware dump, http://contagiodump.blogspot.com/

  3. Dalvik virtual machine, http://www.dalvikvm.com/

  4. Developers express concern over pirated games on android market, http://www.guardian.co.uk/technology/blog/2011/mar/17/android-market-pirated-games-concerns/

  5. Exercising our remote application removal feature, http://android-developers.blogspot.com/2010/06/exercising-our-remote-application.html

  6. Google in-app billing, http://developer.android.com/guide/market/billing/index.html

  7. Google license verification library, http://developer.android.com/guide/publishing/licensing.html

  8. Hadoop, http://hadoop.apache.org/

  9. Hash functions, http://www.cse.yorku.ca/~oz/hash.html

  10. In-app billing, http://developer.android.com/guide/market/billing/index.html

  11. Mobile threat report, https://www.mylookout.com/mobile-threat-report/

  12. Number of available android applications, http://www.appbrain.com/stats/number-of-android-apps/

  13. Proguard, http://developer.android.com/guide/developing/tools/proguard.html

  14. Up to a million android users affected by malware, says report, http://www.linuxfordevices.com/c/a/News/Lookout-malware-report-2011/

  15. Update: Security alert: Droiddream malware found in official android market, http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/

  16. Freemarket: Shopping for free in android applications. Extended Abstract, to appear NDSS (2012)

    Google Scholar 

  17. Baker, B.S., Manber, U.: Deducing similarities in java sources from bytecodes. In: Proceedings of the USENIX Annual Technical Conference (1998)

    Google Scholar 

  18. Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in android. In: Proceedings of MobiSys (2011)

    Google Scholar 

  19. Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification. John Wiley and Sons (2000)

    Google Scholar 

  20. Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of ACM CCS (2011)

    Google Scholar 

  21. Gabel, M., Jiang, L., Su, Z.: Scalable detection of semantic clones. In: Proceedings of the 30th International Conference on Software Engineering, ICSE 2008, pp. 321–330. ACM, New York (2008)

    Google Scholar 

  22. Gao, D., Reiter, M.K., Song, D.: BinHunt: Automatically Finding Semantic Differences in Binary Programs. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 238–255. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  23. Hu, X., Cker Chiueh, T., Shin, K.G.: Large-scale malware indexing using function call graphs. In: Proceedings ACM CCS (2009)

    Google Scholar 

  24. Jang, J., Brumley, D., Venkataraman, S.: Bitshred: Feature hashing malware for scalable triage and semantic analysis. In: Proceedings of ACM CCS (2011)

    Google Scholar 

  25. Jiang, L., Misherghi, G., Su, Z., Glondu, S.: Deckard: Scalable and accurate tree-based detection of code clones. In: Proceedings of ICSE (2007)

    Google Scholar 

  26. Weinberger, K., Dasgupta, A., Langford, J., Smola, A., Attenberg, J.: Feature hashing for large scale multitask learning. In: Proceedings of ICML (June 2009)

    Google Scholar 

  27. Kim, H., Jung, Y., Kim, S., Yi, K.: Mecc: memory comparison-based clone detector. In: Proceeding of the 33rd International Conference on Software Engineering, ICSE 2011, pp. 301–310. ACM, New York (2011)

    Google Scholar 

  28. Kolter, J.Z., Maloof, M.A.: Learning to detect and classify malicious executables in the wild. Journal of Machine Learning Research 7 (December 2006)

    Google Scholar 

  29. Li, Z., Lu, S., Myagmar, S., Zhou, Y.: Cp-miner: Finding copy-paste and related bugs in large-scale software code. IEEE Transactions on Software Engineering 32(3) (2006)

    Google Scholar 

  30. Schleimer, S., Wilkerson, D., Aiken, A.: Winnowing: Local algorithms for document fingerprinting. In: Proceedings of the ACM SIGMOD/PODS Conference

    Google Scholar 

  31. Shi, Q., Petterson, J., Dror, G., Langford, J., Smola, A., Strehl, A., Vishwanathan, V.: Hash kernels. In: Proceedings of AISTATS 2009 (2009)

    Google Scholar 

  32. Walenstein, A., Lakhotia, A.: The software similarity problem in malware analysis. In: Proceedings of Duplication, Redundancy, and Similarity in Software (2007)

    Google Scholar 

  33. Yarow, J., Terbush, J.: Android is totally blowing away the competition, http://www.businessinsider.com/chart-of-the-day-android-is-taking-over-the-smartphone-market-2011-11

  34. Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Droidmoss: Detecting repackaged smartphone applications in third-party android marketplaces. In: Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. UC Berkeley, USA

    Steve Hanna, Edward Wu, Saung Li, Charles Chen & Dawn Song

  2. Intel Labs, USA

    Ling Huang

Authors
  1. Steve Hanna
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ling Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Edward Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Saung Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Charles Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Dawn Song
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department C, HFT Stuttgart, Schellingstr. 24, 70174, Stuttgart, Germany

    Ulrich Flegel

  2. Department of Computer Science, Foundation for Research and Technology – Hellas (FORTH), 100 Plastira Ave, Vassilika Vouton, 70013, Heraklion, Crete, Greece

    Evangelos Markatos

  3. College of Computer and Information Science, Northeastern University, 360 Huntington Ave, 02115, Boston, MA, USA

    William Robertson

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hanna, S., Huang, L., Wu, E., Li, S., Chen, C., Song, D. (2013). Juxtapp: A Scalable System for Detecting Code Reuse among Android Applications. In: Flegel, U., Markatos, E., Robertson, W. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2012. Lecture Notes in Computer Science, vol 7591. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37300-8_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-37300-8_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37299-5

  • Online ISBN: 978-3-642-37300-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation