Yuta ISHII†a) , Takuya WATANABE † †b) , Nonmembers, Mitsuaki AKIYAMA † †c) , and Tatsuya MORI †d) , Members SUMMARY Android is one of the most popular mobile device platforms. However, since Android apps can be disassembled easily, attackers inject additional advertisements or malicious codes to the original apps and redistribute them. There are a non-negligible number of such repackaged apps. We generally call those malicious repackaged apps "clones." However, there are apps that are not clones but are similar to each other. We call such apps "relatives." In this work, we developed a framework called APPraiser that extracts similar apps and classifies them into clones and relatives from the large dataset. We used the APPraiser framework to study over 1.3 million apps collected from both official and third-party marketplaces. Our extensive analysis revealed the following findings: In the official marketplace, 79% of similar apps were attributed to relatives, while in the third-party marketplace, 50% of similar apps were attributed to clones. The majority of relatives are apps developed by prolific developers in both marketplaces. We also found that in the third-party market, of the clones that were originally published in the official market, 76% of them are malware. key words: mobile security, Android, repackaging, large-scale data IntroductionAndroid is an open-source operating system used for mobile devices such as smartphones. Android is one of the most popular mobile device platforms widely used in the world. Worldwide shipments of Android smartphones exceeded 1 billion units in 2014 [2]. The number of Android apps available on Google play has exceeded 2.3 million, as of August, 2016 [3]. Of the millions of Android apps that can work on a billion smartphones, it is known that a nonnegligible number of apps were replicated from the original apps. For instance, through the analysis of 23K apps collected from six different third-party marketplaces, Zhou et al. [4] reported that 5 to 13% of apps hosted on thirdparty marketplaces were repackaged. They also reported in Ref. [5] that "piggybacked apps," which added malicious payloads to legitimate apps, accounted for 0.97% to 2.7% Manuscript received September 7, 2016. Manuscript revised January 29, 2017. Manuscript publicized May 18, 2017. † The authors are with the Dept. of Communication Engineering, Waseda University, Tokyo, 169-8555 Japan.† † The authors are with the NTT Secure Platform Laboratories, Musashino-shi, 180-8585 Japan.* An earlier version of this paper was presented at 2nd ACM International Workshop on Security And Privacy Analytics 2016 [1]. The authors will clear the copyright transfer issues before the publication in case the paper is accepted for publication.a) E-mail: yuta@nsl.cs.waseda.ac.jp b) E-mail: watanabe.takuya@lab.ntt.co.jp c) E-mail: akiyamam@acm.org d) E-mail: mori@nsl.cs.waseda.ac.jp DOI: 10.1587/transinf.2016ICP0012 of 5K apps they collected. In this work, we generally call those repackaged apps "clones." The high number of cl...
This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party libraries. Somewhat paradoxically, we found that more expensive/popular paid apps tend to have more vulnerabilities. This comes from the fact that more expensive/popular paid apps tend to have more functionality, i.e., more code and libraries, which increases the probability of vulnerabilities. Based on our findings, we provide suggestions to stakeholders of mobile app distribution ecosystems.
No abstract
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.