DOI: 10.1145/2484313.2484315
research-article

AppInk: watermarking android apps for repackaging deterrence

Published: 08 May 2013

ABSTRACT

With the increased popularity and wide adoption of smartphones and mobile devices, recent years have seen a new, burgeoning economic model centered around mobile apps. However, app repackaging, among many other threats, brings tremendous risk to the ecosystem, including app developers, app market operators, and end users. To mitigate this threat, we propose and develop a watermarking mechanism for Android apps. First, towards automatic watermark embedding and extraction, we introduce the novel concept of a manifest app, which is a companion of the target Android app under protection. We then design and develop a tool named AppInk, which takes the source code of an app as input and automatically generates a new app with a transparently embedded watermark, together with the associated manifest app. The manifest app can later be used to reliably recognize the embedded watermark with zero user intervention. To demonstrate the effectiveness of AppInk in preventing app repackaging, we analyze its robustness in defending against distortive, subtractive, and additive attacks, and then evaluate its resistance against two open source repackaging tools. Our results show that AppInk is easy to use, effective in defending against currently known repackaging threats on the Android platform, and introduces small performance overhead.
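The abstract describes embedding and recognition only at a high level. The Python below is an added illustration, not AppInk's code and not necessarily its embedding scheme: it shows a classic dynamic graph watermark of the kind found in the software-watermarking literature the paper builds on, where the watermark value is hidden in the shape of a heap structure built at run time rather than in any string or constant, and a recognizer recovers it by walking object references. The names `embed`, `recognize` and `subtractive_attack` are hypothetical, and the Android specifics (the companion manifest app driving the protected app, inspecting the Dalvik heap) are left out.

```python
"""Radix-k dynamic graph watermark (hypothetical illustration, not AppInk's own
embedding). A watermark integer is encoded as a circular linked list of k nodes:
node i carries an extra pointer whose target index is the i-th base-k digit of
the value. Nothing about the watermark is visible as a constant in the code, so
a repackager has to understand the structure to remove it."""
from typing import Optional


class Node:
    # Field names are irrelevant to a heap-walking recognizer: an attacker who
    # renames classes and fields (a distortive attack) changes nothing here.
    __slots__ = ("nxt", "digit")

    def __init__(self) -> None:
        self.nxt: Optional["Node"] = None
        self.digit: Optional["Node"] = None


def embed(value: int, k: int) -> Node:
    """Build a k-node circular list whose digit pointers encode `value` in base k.
    Returns the head node (in an app this would be built on a secret input path)."""
    if value < 0 or k < 2 or value >= k ** k:
        raise ValueError("value must fit in k base-k digits")
    nodes = [Node() for _ in range(k)]
    for i, node in enumerate(nodes):
        node.nxt = nodes[(i + 1) % k]          # the cycle itself
    v = value
    for i in range(k):                          # least significant digit at node 0
        nodes[i].digit = nodes[v % k]           # digit = index of the target node
        v //= k
    return nodes[0]


def recognize(head: Node) -> Optional[int]:
    """Recover the value from the structure reachable from `head`.
    Returns None when the structure is not a clean cycle or a digit pointer
    leaves the cycle, i.e. when the watermark has been damaged."""
    order = []
    index = {}
    cur: Optional[Node] = head
    while cur is not None and id(cur) not in index:
        index[id(cur)] = len(order)
        order.append(cur)
        cur = cur.nxt
    if cur is not head or not order:            # list terminated or cycle skips head
        return None
    k = len(order)
    value = 0
    for i in reversed(range(k)):                # most significant digit first
        d = index.get(id(order[i].digit))
        if d is None:                           # pointer to a deleted node: tampered
            return None
        value = value * k + d
    return value


def subtractive_attack(head: Node, position: int) -> Node:
    """Simulate a repackager deleting the object `position` hops after head
    (constructed attack for the demo)."""
    prev = head
    for _ in range(position - 1):
        prev = prev.nxt
    prev.nxt = prev.nxt.nxt                     # unlink one node from the cycle
    return head


if __name__ == "__main__":
    watermark = 2013                            # constructed sample value
    print("recovered:", recognize(embed(watermark, 8)))              # 2013
    print("after deleting node 1:", recognize(subtractive_attack(embed(watermark, 8), 1)))
    print("after deleting node 3:", recognize(subtractive_attack(embed(watermark, 8), 3)))
```

The recognizer never compares names or bytecode, which is what makes the scheme resist renaming and obfuscation; its weakness is structural edits, and the demo shows that deleting a node either yields a value that no longer matches the registered watermark or is caught outright because a digit pointer now targets an object outside the cycle. In the setting the abstract describes, the manifest app's job is to drive the protected app to the state where this structure exists and then run the recognizer over the heap without user intervention.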


Published in
ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
May 2013, 574 pages
ISBN: 9781450317672
DOI: 10.1145/2484313
Copyright © 2013 ACM

        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance rates
ASIA CCS '13 paper acceptance rate: 35 of 216 submissions (16%). Overall acceptance rate: 418 of 2,322 submissions (18%).
