AppInk: Watermarking Android apps for repackaging deterrence

ASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security

Volumn , Issue , 2013, Pages 1-12

  Zhou, Wu ^a   Zhang, Xinwen ^b   Jiang, Xuxian ^a  

^a NORTH CAROLINA STATE UNIVERSITY   (United States)

^b Huawei Research Center   (United States)

Author keywords

app protection; app repackaging; mobile application; smartphone security; software watermarking

Indexed keywords

APP PROTECTION; APP REPACKAGING; MOBILE APPLICATIONS; SMARTPHONE SECURITIES; SOFTWARE WATERMARKING;

COMPUTER APPLICATIONS; MOBILE DEVICES; ROBOTS; SECURITY OF DATA; SMARTPHONES; WATERMARKING;

APPLICATION PROGRAMS;

EID: 84877990556     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2484313.2484315     Document Type: Conference Paper

References (54)

1. Domenico Amalfitano, Anna Rita Fasolino, Porfirio Tramontana, Salvatore De Carmine, and Atif M. Memon. Using GUI Ripping for Automated Testing of Android Applications. In Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering, ASE 2012, pages 258-261, New York, NY, USA, 2012. ACM.
2. Saswat Anand, Mayur Naik, Hongseok Yang, and Mary Jean Harrold. Automated Concolic Testing of Smartphone Apps. In ACM International Symposium on Foundations of Software Engineering, FSE, 2012.
3. Jien-Tsai Chan and Wuu Yang. Advanced Obfuscation Techniques for Java Bytecode. J. Syst. Softw., 71(1-2):1-10, April 2004.
4. Christian Collberg, Edward Carter, Saumya Debray, Andrew Huntwork, John Kececioglu, Cullen Linn, and Michael Stepp. Dynamic Path-based Software Watermarking. In Proceedings of the ACM SIGPLAN 2004 Conference on Programming Language Design and Implementation, PLDI '04, pages 107-118, New York, NY, USA, 2004. ACM.
5. Christian Collberg, Ginger Myles, and Andrew Huntwork. SandMark - A Tool for Software Protection Research. IEEE Security and Privacy, Vol. 1, Num. 4, July/Auguest 2003.
6. Christian Collberg and Clark Thomborson. Software Watermarking: Models and Dynamic Embeddings. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '99, pages 311-324, New York, NY, USA, 1999. ACM.
7. Christian Collberg, Clark Thomborson, and Douglas Low. Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs. In Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '98, pages 184-196, New York, NY, USA, 1998. ACM.
8. Jonathan Crussell, Clint Gibler, and Hao Chen. Attack of the Clones: Detecting Cloned Applications on Android Markets. In 17th European Symposium on Research in Computer Security, ESORICS 2012, September 2012.
9. Mila Dalla Preda and Roberto Giacobazzi. Control Code Obfuscation by Abstract Interpretation. In Proceedings of the Third IEEE International Conference on Software Engineering and Formal Methods, SEFM '05, pages 301-310, Washington, DC, USA, 2005. IEEE Computer Society.
10. DalvikVM.com. Dalvik Virtual Machine - Brief Overview of the Dalvik Virtual Machine and Its Insights. http://www.dalvikvm.com/. Online; accessed at Nov 30, 2012.
11. FITTEST. M[agi]C Tool: M*C Test Generation Tool. http://selab.fbk.eu/magic/. Online; accessed at Dec 1, 2012.
12. Kazuhide Fukushima and Kouichi Sakurai. A Software Fingerprinting Scheme for Java Using Classfiles Obfuscation. In Ki-Joon Chae and Moti Yung, editors, Information Security Applications, volume 2908 of Lecture Notes in Computer Science, pages 303-316. Springer Berlin Heidelberg, 2004.
13. Dan Galpin and Trevor Johns. Evading Pirates and Stopping Vampires Using License Verification Library, In-App Billing, and App Engine. http://www.google.com/events/io/2011/sessions/evading-pirates-and-stopping- vampires-using-license-verification-library-in-app-billing-and-app-engine.html. Online; accessed at Nov 30, 2012.
14. Rakesh Ghiya and Laurie J. Hendren. Is It a Tree, a DAG, or a Cyclic Graph? A Shape Analysis for Heap-directed Pointers in C. In Proceedings of the 23rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '96, pages 1-15, New York, NY, USA, 1996. ACM.
15. Dieter Habelitz. Java 1.5 Grammar for ANTLR v3 That Builds Trees. http://www.antlr.org/grammar/1207932239307/Java1-5Grammars. Online; accessed at Nov 30, 2012.
16. Steve Hanna, Ling Huang, Saung Li, Charles Chen, and Dawn Song. Juxtapp: A Scalable System for Detecting Code Reuse Among Android Applications. In 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, DIMVA 2012, July 2012.
17. Google Inc. Android Application Licensing. http://developer.android.com/ guide/google/play/licensing/index.html. Online; accessed at Nov 30, 2012.
18. Google Inc. Android Debug Bridge. http://developer.android.com/tools/ help/adb.html. Online; accessed at Nov 30, 2012.
19. Google Inc. Android Emulator. http://developer.android.com/tools/help/ emulator.html. Online; accessed at Nov 30, 2012.
20. Google Inc. Building and Running Android App from Command Line. http://developer.android.com/tools/building/building-cmdline.html. Online; accessed at Nov 30, 2012.
21. Google Inc. Testing Fundamental | Android Developers. http://developer.android.com/tools/testing/testing-android.html . Online; accessed at Nov 30, 2012.
22. Google Inc. UI/Application Exerciser Monkey. http://developer.android. com/tools/help/monkey.html. Online; accessed at Nov 30, 2012.
23. Lookout Inc. App Genome Report: February 2011. https://www.mylookout.com/ appgenome/. Online; accessed at Nov 30, 2012.
24. Oracle Inc. Java Debug Interface. http://docs.oracle.com/javase/1.5.0/ docs/guide/jpda/jdi/. Online; accessed at Nov 30, 2012.
25. Saikoa Inc. A Specialized Optimizer and Obfuscator for Android. http://www.saikoa.com/dexguard. Online; accessed at Nov 30, 2012.
26. Yiming Jing, Gail-Joon Ahn, and Hongxin Hu. Model-Based Conformance Testing for Android. In Goichiro Hanaoka and Toshihiro Yamauchi, editors, Advances in Information and Computer Security, volume 7631 of Lecture Notes in Computer Science, pages 1-18. Springer Berlin Heidelberg, 2012.
27. Seolwoo Joo and Changyeon Hwang. Mobile Banking Vulnerability: Android Repackaging Threat. Virus Bulletin, May 2012.
28. Donald Knuth. Fundamental Algorithms, Volume 1 of The Art of Computer Programming, Third Edition. Addison-Wesley, 1997.
29. Eric Lafortune. ProGuard. http://proguard.sourceforge.net/. Online; accessed at Nov 30, 2012.
30. Lohan+. AntiLVL - Android License Verification Library Subversion. http://androidcracking.blogspot. com/p/antilvl-01.html. Online; accessed at Nov 30, 2012.
31. Lohan+. Cracking Amazon DRM. http://androidcracking.blogspot.com/2011/04/ cracking-amazon-drm.html. Online; accessed at Nov 30, 2012.
32. Lohan+. Cracking Verizon's V Cast Apps DRM. http://androidcracking. blogspot.com/2011/06/cracking-verizons-v-cast-apps-drm.html. Online; accessed at Nov 1, 2012.
33. Riyadh Mahmood, Naeem Esfahani, Thabet Kacem, Nariman Mirzaei, Sam Malek, and Angelos Stavrou. A Whitebox Approach for Automated Security Testing of Android Applications on the Cloud. In Proceedings of the 7th International Workshop on Automation of Software Test, AST 2012, 2012.
34. Atif M. Memon. An event-flow model of GUI-based applications for testing: Research Articles. Softw. Test. Verif. Reliab., 17(3):137-157, September 2007.
35. Akito Monden, Hajimu Iida, Ken-ichi Matsumoto, Koji Torii, and Katsuro Inoue. A Practical Method for Watermarking Java Programs. In 24th International Computer Software and Applications Conference, COMPSAC '00, pages 191-197, Washington, DC, USA, 2000. IEEE Computer Society.
36. Jasvir Nagra and Clark Thomborson. Threading Software Watermarks. In Proceedings of the 6th International Conference on Information Hiding, IH'04, pages 208-223, Berlin, Heidelberg, 2004. Springer-Verlag.
37. Jasvir Nagra, Clark Thomborson, and Christian Collberg. A Functional Taxonomy for Software Watermarking. In Proceedings of the Twenty-fifth Australasian Conference on Computer Science - Volume 4, ACSC '02, pages 177-186, Darlinghurst, Australia, Australia, 2002. Australian Computer Society, Inc.
38. Cu D. Nguyen, Alessandro Marchetto, and Paolo Tonella. Combining Model-based and Combinatorial Testing for Effective Test Case Generation. In Proceedings of the 2012 International Symposium on Software Testing and Analysis, ISSTA 2012, pages 100-110, New York, NY, USA, 2012. ACM.
39. Jens Palsberg, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, and Yi Zhang. Experience with Software Watermarking. In Proceedings of the 16th Annual Computer Security Applications Conference, ACSAC '00, pages 308-, Washington, DC, USA, 2000. IEEE Computer Society.
40. Terence Parr. ANTLR - ANother Tool for Language Recognition. http://www.antlr.org/. Online; accessed at Nov 30, 2012.
41. Android Police. [Updated: Amazon Provides Clarifications] Amazon App Store's DRM To Be More Restrictive Than Google's? http://www.androidpolice.com/ 2011/03/07/amazon-app-stores-drm-to-be-more-restrictive-than- googles/. Online; accessed at Nov 30, 2012.
42. Rahul Potharaju, Andrew Newell, Cristina Nita-Rotaru, and Xiangyu Zhang. Plagiarizing Smartphone Applications: Attack Strategies and Defense Techniques. In Proceedings of the 4th International Conference on Engineering Secure Software and Systems, ESSoS'12, pages 106-120, Berlin, Heidelberg, 2012. Springer-Verlag.
43. Todd A. Proebsting and Scott A. Watterson. Krakatoa: Decompilation in Java (Does Bytecode Reveal Source?). In In Third USENIX Conference on Object-Oriented Technologies and Systems (COOTS), 1997.
44. Google Code Project. Android-apktool - Tool for Reengineering Android apk Files. http://code.google.com/p/android- apktool/. Online; accessed at Nov 30, 2012.
45. G. Ramalingam. The Undecidability of Aliasing. ACM Trans. Program. Lang. Syst., 16(5):1467-1471, September 1994.
46. Renas Reda. Robotium. http://code.google.com/p/robotium/. Online; accessed at Nov 30, 2012.
47. Tommi Takala, Mika Katara, and Julian Harty. Experiences of System-Level Model-Based GUI Testing of an Android Application. In Proceedings of the 4th IEEE International Conference on Software Testing, Verification, and Validation (ICST 2011), pages 377-386, Los Alamitos, CA, USA, March 2011. IEEE Computer Society.
48. Arxan Technologies. State of Security in the App Economy: Mobile Apps Under Attack. http://www.arxan.com/assets/1/7/state-of-security-app-economy.pdf, 2012.
49. Paul R. Wilson, Mark S. Johnstone, Michael Neely, and David Boles. Dynamic Storage Allocation: A Survey and Critical Review. In Proceedings of the International Workshop on Memory Management, IWMM '95, pages 1-116, London, UK, UK, 1995. Springer-Verlag.
50. Rubin Xu, Hassen Saïdi, and Ross Anderson. Aurasium: Practical Policy Enforcement for Android Applications. In Proceedings of the 21st USENIX Conference on Security Symposium, Security'12, pages 27-27, Berkeley, CA, USA, 2012. USENIX Association.
51. Min Zheng, Patrick P.C. Lee, and John C.S. Lui. ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-Virus Systems . In Proceedings of the 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, 2012.
52. Wu Zhou, Yajin Zhou, Michael Grace, Xuxian Jiang, and Shihong Zou. Fast, Scalable Detection of Piggybacked Mobile Applications. In Proceedings of the 3nd ACM Conference on Data and Application Security and Privacy, CODASPY '13, February 2013.
53. Wu Zhou, Yajin Zhou, Xuxian Jiang, and Peng Ning. DroidMOSS: Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces. In Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy, CODASPY '12, February 2012.
54. Yajin Zhou and Xuxian Jiang. Dissecting Android Malware: Characterization and Evolution. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, Oakland 2012, May 2012.