APPraiser: A Large Scale Analysis of Android Clone Apps

Access this Article

Author(s)

Abstract

<p>Android is one of the most popular mobile device platforms. However, since Android apps can be disassembled easily, attackers inject additional advertisements or malicious codes to the original apps and redistribute them. There are a non-negligible number of such repackaged apps. We generally call those malicious repackaged apps "<i>clones</i>." However, there are apps that are not <i>clones</i> but are similar to each other. We call such apps "<i>relatives</i>." In this work, we developed a framework called <i>APPraiser</i> that extracts similar apps and classifies them into <i>clones</i> and <i>relatives</i> from the large dataset. We used the <i>APPraiser</i> framework to study over 1.3 million apps collected from both official and third-party marketplaces. Our extensive analysis revealed the following findings: In the official marketplace, 79% of similar apps were attributed to <i>relatives</i>, while in the third-party marketplace, 50% of similar apps were attributed to <i>clones</i>. The majority of <i>relatives</i> are apps developed by prolific developers in both marketplaces. We also found that in the third-party market, of the <i>clones</i> that were originally published in the official market, 76% of them are malware.</p>

Journal

  • IEICE Transactions on Information and Systems

    IEICE Transactions on Information and Systems E100.D(8), 1703-1713, 2017

    The Institute of Electronics, Information and Communication Engineers

Codes

Page Top