Abstract

App cloning is a serious threat to the mobile app ecosystem: it not only harms original developers but also contributes to spreading malware. App clone detection has received extensive attention from the research community, and a number of approaches have been proposed, relying mainly on the code or visual similarity of apps. However, plagiarists in the wild may deliberately modify the code or the content of the User Interface (UI), which renders current methods ineffective. In this paper, we propose a robust app clone detection method based on the similarity of UI structure. The key idea behind our approach is the finding that content features (e.g., background color) are more likely to be modified by plagiarists, while structure features (e.g., overall hierarchy structure, widget hierarchy structure) are relatively stable and can therefore be used to detect different levels of clone attacks. Experimental results on a labeled benchmark of 4,720 similar app pairs show that our approach can achieve an accuracy of 99.6%. Compared with existing approaches, our approach works in practice with high effectiveness. We have implemented a prototype system and applied it to more than 404,650 app pairs, finding 1,037 app clone pairs, most of which are piggybacking apps that introduce malicious payloads.
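The key idea in the abstract, shown as an added example that is not the paper's implementation: two constructed layout snippets differ in every content attribute yet share the same widget hierarchy, so a structure-only comparison still matches them. The tag-path features and the multiset Jaccard metric are assumptions chosen for illustration; the abstract does not specify the paper's feature encoding or similarity measure.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample layouts (simplified; not taken from the paper's dataset).
ORIGINAL = """<LinearLayout background="#FFFFFF">
  <ImageView src="logo.png"/>
  <LinearLayout>
    <EditText hint="User name"/>
    <EditText hint="Password"/>
  </LinearLayout>
  <Button text="Sign in" background="#2196F3"/>
</LinearLayout>"""

# Same widget hierarchy; only content attributes were changed.
REPACKAGED = """<LinearLayout background="#000000">
  <ImageView src="banner.png"/>
  <LinearLayout>
    <EditText hint="Account"/>
    <EditText hint="PIN"/>
  </LinearLayout>
  <Button text="Log in" background="#FF5722"/>
</LinearLayout>"""
UNRELATED = '<FrameLayout><ListView/><TextView text="No items"/></FrameLayout>'

def structure_features(layout_xml):
    """Multiset of root-to-node tag paths; attribute values are ignored."""
    feats = Counter()
    stack = [(ET.fromstring(layout_xml), "")]
    while stack:
        node, parent_path = stack.pop()
        path = parent_path + "/" + node.tag
        feats[path] += 1
        stack.extend((child, path) for child in node)
    return feats

def content_features(layout_xml):
    """Multiset of (widget, attribute, value) triples: the easily edited part."""
    return Counter((n.tag, k, v) for n in ET.fromstring(layout_xml).iter()
                   for k, v in n.attrib.items())

def similarity(fa, fb):
    """Multiset Jaccard similarity; two empty feature sets count as identical."""
    union = sum((fa | fb).values())
    return sum((fa & fb).values()) / union if union else 1.0

def compare(a, b):
    """Return (structure similarity, content similarity) for two layouts."""
    return (similarity(structure_features(a), structure_features(b)),
            similarity(content_features(a), content_features(b)))
```

For the repackaged layout, `compare` reports full structural similarity and zero content similarity, which is the gap a content-based or visual detector would fall into.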

Highlights

  • Mobile apps have seen widespread adoption in recent years, with over 2.8 million apps in Google Play and billions of downloads [1], [2].

  • We have proposed a novel approach for Android app clone detection based on the similarity of User Interface (UI) structure, which is obfuscation-resilient and efficient even when the content of the UI has been changed.

  • Our study mainly focuses on the following two research questions. RQ1: How effective is our approach in detecting app clones? How does our approach compare with existing tools? As we aim to apply our approach to detect app clones in a large dataset, it is important to evaluate the effectiveness of our approach in detecting different types of clone attacks.


Summary

Introduction

Mobile apps have seen widespread adoption in recent years, with over 2.8 million apps in Google Play and billions of downloads [1], [2]. App cloning is a major means of malware distribution on the Android platform. An APK mainly contains Dalvik bytecode, UI code, resource files, configuration files, and signature information. An Android app must be signed before it can be published, but developers can use their own certificates to sign APK files without any authorization, which makes it possible to decompress an app and repackage it. Compared to applications on other platforms, Android apps have the following specific characteristics: (1) An Android app is usually implemented in Java and subsequently compiled into Dalvik bytecode, and it can also be developed in native code. It is not feasible to identify these types of clones based solely on static features.
