
Detecting Camouflaged Applications on Mobile Application Markets

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8949)

Abstract

Application plagiarism, or application cloning, is an emerging threat in mobile application markets. It reduces the profits of original developers and sometimes even harms the security and privacy of users. In this paper, we introduce a new concept, called camouflaged applications, where external features of mobile applications, such as icons, screenshots, application names or descriptions, are copied. We then propose a scalable detection framework that can find these suspiciously similar camouflaged applications. To accomplish this, we apply text-based retrieval methods and content-based image retrieval methods in our framework. Our framework is implemented and tested with 30,625 Android applications from the official Google Play market. The experimental results show that even the official market contains 477 potential camouflaged victims, which account for 1.56 % of tested samples. Our paper highlights that these camouflaged applications not only expose potential security threats but also degrade the quality of mobile application markets. Our paper also analyzes the behaviors of detected camouflaged applications and calculates the false alarm rates of the proposed framework.
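The text-retrieval half of such a detector can be sketched as follows. This is an added example, not the authors' framework: it assumes TF-IDF weighting with cosine similarity as the text-based retrieval method, uses constructed listings, and the `suspicious_pairs` name and the 0.6 threshold are hypothetical. Icon and screenshot matching is not covered.

```python
import math
import re
from collections import Counter
from itertools import combinations

# Constructed sample listings (name + description), not data from the paper.
LISTINGS = [
    {"pkg": "com.example.templedash", "dev": "Original Studio",
     "text": "Temple Dash endless runner escape the temple collect coins"},
    {"pkg": "com.fake.templedash.free", "dev": "QuickApps",
     "text": "Temple Dash Free endless runner escape the temple collect coins now"},
    {"pkg": "com.example.notes", "dev": "Note Works",
     "text": "Simple notes editor with folders and cloud sync"},
    {"pkg": "com.example.templedash2", "dev": "Original Studio",
     "text": "Temple Dash 2 endless runner escape the temple new worlds"},
]

def tokens(text):
    return re.findall(r"[a-z0-9]+", text.lower())

def tfidf_vectors(listings):
    docs = [Counter(tokens(item["text"])) for item in listings]
    n = len(docs)
    df = Counter(term for doc in docs for term in doc)
    # Smoothed IDF: rare terms weigh more, common terms still count a little.
    idf = {t: math.log((1 + n) / (1 + c)) + 1 for t, c in df.items()}
    return [{t: tf * idf[t] for t, tf in doc.items()} for doc in docs]

def cosine(a, b):
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def suspicious_pairs(listings, threshold=0.6):
    """Return (pkg_a, pkg_b, score) for similar listings by different developers."""
    vecs = tfidf_vectors(listings)
    hits = []
    for i, j in combinations(range(len(listings)), 2):
        if listings[i]["dev"] == listings[j]["dev"]:
            continue  # same publisher (e.g. a sequel) is not camouflage
        score = cosine(vecs[i], vecs[j])
        if score >= threshold:
            hits.append((listings[i]["pkg"], listings[j]["pkg"], round(score, 3)))
    return sorted(hits, key=lambda h: -h[2])

if __name__ == "__main__":
    for a, b, s in suspicious_pairs(LISTINGS):
        print(f"{a} <-> {b}  similarity={s}")
```

Lowering the threshold flags more pairs for manual review and raises the false alarm rate, which is the trade-off the abstract says the paper measures.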




Corresponding author

Correspondence to Su Mon Kywe.


© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Kywe, S.M., Li, Y., Deng, R.H., Hong, J. (2015). Detecting Camouflaged Applications on Mobile Application Markets. In: Lee, J., Kim, J. (eds) Information Security and Cryptology - ICISC 2014. ICISC 2014. Lecture Notes in Computer Science, vol 8949. Springer, Cham. https://doi.org/10.1007/978-3-319-15943-0_15


  • DOI: https://doi.org/10.1007/978-3-319-15943-0_15


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-15942-3

  • Online ISBN: 978-3-319-15943-0

  • eBook Packages: Computer Science (R0)
