European Symposium on Research in Computer Security

ESORICS 2012: Computer Security – ESORICS 2012, pp 37–54

Attack of the Clones: Detecting Cloned Applications on Android Markets

  • Jonathan Crussell,
  • Clint Gibler &
  • Hao Chen

Part of the Lecture Notes in Computer Science book series (LNSC, volume 7459)

Abstract

We present DNADroid, a tool that detects Android application copying, or “cloning”, by robustly computing the similarity between two applications. DNADroid achieves this by comparing program dependency graphs between methods in candidate applications. Using DNADroid, we found at least 141 applications that have been the victims of cloning, some as many as seven times. DNADroid has a very low false positive rate — we manually confirmed that all the applications detected are indeed clones by either visual or behavioral similarity. We present several case studies that give insight into why applications are cloned, including localization and redirecting ad revenue. We describe a case of malware being added to an application and show how DNADroid was able to detect two variants of the same malware. Lastly, we offer examples of an open source cracking tool being used in the wild.

Keywords

  • Similarity Score
  • Android Application
  • Video Player
  • Clone Detection
  • Native Code

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Author information

Authors and Affiliations

  1. University of California, Davis, USA

    Jonathan Crussell, Clint Gibler & Hao Chen

  2. Sandia National Labs, Livermore, CA, USA

    Jonathan Crussell

Editor information

Editors and Affiliations

  1. Dipartimento di Informatica, Università degli Studi di Milano, Via Bramante 65, 26013, Crema, Italy

    Sara Foresti

  2. Computer Science Department, Columbia University, 1214 Amsterdam Avenue, 10025, New York, NY, US

    Moti Yung

  3. Institute of Informatics and Telematics, Information Security Group, National Research Council, Pisa Research Area, Via G. Moruzzi 1, 56125, Pisa, Italy

    Fabio Martinelli

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Crussell, J., Gibler, C., Chen, H. (2012). Attack of the Clones: Detecting Cloned Applications on Android Markets. In: Foresti, S., Yung, M., Martinelli, F. (eds) Computer Security – ESORICS 2012. ESORICS 2012. Lecture Notes in Computer Science, vol 7459. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33167-1_3

  • DOI: https://doi.org/10.1007/978-3-642-33167-1_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33166-4

  • Online ISBN: 978-3-642-33167-1

  • eBook Packages: Computer Science, Computer Science (R0)
