Title: Thwarting Android app repackaging by executable code fragmentation

Authors: Ruxia Fan; Dingyi Fang; Zhanyong Tang; Xiaojiang Chen; Fangyuan Liu; Zhengqiao Li

Addresses: Department of Information Science and Technology, Northwest University, 1 Xuefu Ave., Guodu Education and Hi-Tech Industries Zone, Chang'an District, Xi'an, Shaanxi Province, China ' Department of Information Science and Technology, Northwest University, 1 Xuefu Ave., Guodu Education and Hi-Tech Industries Zone, Chang'an District, Xi'an, Shaanxi Province, China ' Department of Information Science and Technology, Northwest University, 1 Xuefu Ave., Guodu Education and Hi-Tech Industries Zone, Chang'an District, Xi'an, Shaanxi Province, China ' Department of Information Science and Technology, Northwest University, 1 Xuefu Ave., Guodu Education and Hi-Tech Industries Zone, Chang'an District, Xi'an, Shaanxi Province, China ' Department of Information Science and Technology, Northwest University, 1 Xuefu Ave., Guodu Education and Hi-Tech Industries Zone, Chang'an District, Xi'an, Shaanxi Province, China ' Department of Information Science and Technology, Northwest University, 1 Xuefu Ave., Guodu Education and Hi-Tech Industries Zone, Chang'an District, Xi'an, Shaanxi Province, China

Abstract: With the increasing popularity and adoption of Android-based smartphones, there are more and more Android malwares in app marketplaces. What's more, most malwares are repackaged versions of legitimate applications. Existing solutions have mostly focused on post-mortem detection of repackaged application. Lately, packing mechanism has been proposed to enable self-defence for Android apps against repackaging. However, since current app packing systems all load the executable file into process memory in plaintext intactly, it can be easily dumped, which would enable the repackaging again. To address this problem, we propose a more effective protection model, DexSplit, to prevent app repackaging. Inspired by the weakness of current app packing model, DexSplit maintains the protected dex file as several pieces throughout this application's entire lifecycle, which makes it difficult to be dumped. Experiments with a DexSplit prototype using six typical apps show that DexSplit effectively defends against app repackaging threats with reasonable performance overhead.

Keywords: Android security; malware; repackaging; memory dump.

DOI: 10.1504/IJHPCN.2017.086536

International Journal of High Performance Computing and Networking, 2017 Vol.10 No.4/5, pp.320 - 331

Available online: 18 Aug 2017 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article