App Clone Research Articles

Robust App Clone Detection Based on Similarity of UI Structure

App clone is a serious threat to the mobile app ecosystem, which not only damages the benefits of original developers, but also contributes to spreading malware. App clone detection has received extensive attentions from our research community, and a number of approaches were proposed, which mainly rely on code or visual similarity of the apps. However, the tricky plagiarists in the wild may specifically modify the code or the content of User Interface (UI), which will lead to the ineffectiveness of current methods. In this paper, we propose a robust app clone detection method based on the similarity of UI structure. The key idea behind our approach is based on the finding that content features (e.g., background color) are more likely to be modified by plagiarists, while structure features (e.g., overall hierarchy structure, widget hierarchy structure) are relative stable, which could be used to detect different levels of clone attacks. Experiment results on a labeled benchmark of 4,720 similar app pairs show that our approach could achieve an accuracy of 99.6%. Compare with existing approaches, our approach works in practice with high effectiveness. We have implemented a prototype system and applied it to more than 404,650 app pairs, and we found 1,037 app clone pairs, most of them are piggybacking apps that introduced malicious payloads.

AppAuth: Authorship Attribution for Android App Clones

Android app clone detection has been extensively studied in our community, and a number of effective approaches and frameworks were proposed and released. However, there still remains one open challenge that has not been well addressed in previous work, i.e., the authorship attribution for the detected app clones. Although state-of-the-art approaches could accurately identify repackaged apps in one way or another, no convincing method has been proposed to identify the original app and the authentic author from the repackaged app pairs, which greatly limits the usage scenario of app clone detection techniques. For example, app market maintainers have to manually confirm the identified repackaged app pairs, while in most cases, it is challenging for them to make an accurate decision. In this paper, we propose AppAuth, a novel learning-based approach to predict the authorship of app clones. To be specific, for a given Android app clone pair (or a group of repackaged apps identified), AppAuth could accurately infer the original author of the plagiarized apps. Our approach is motivated by the traditional authorship attribution studies on binary files. AppAuth first extracts a number of coding-style-related features from the executable .apk files, and then relies on machine learning techniques to train a classification model. We have conducted extensive experiments to evaluate the effectiveness of AppAuth. The experiment results suggest that we are able to infer the authorship for Android app clones with high precision. Our work is the first one that tackles the problem systematically and we believe our efforts could positively contribute to the research community and boost the research of app repacking detection and authorship attribution studies.

RomaDroid: A Robust and Efficient Technique for Detecting Android App Clones Using a Tree Structure and Components of Each App’s Manifest File

There are various types of Android apps, such as entertainment apps, health and fitness apps, travel apps, educational apps, business apps, and so on. Android apps can contain business logic, maintain sensitive personal information, and act as a bridge between IoT devices and cloud servers. Since illegal users frequently make a copy of a legitimate Android app and redistribute the plagiarized app for commercial or malicious purposes, many studies have been conducted to detect repackaged/cloned apps and make the Android ecosystem safer. A malicious attacker might apply code obfuscation to avoid app clone detection. Therefore, it is necessary to consider the effects of code obfuscation when detecting cloned apps. In this paper, we design and implement a tool called RomaDroid, which can detect efficiently cloned apps based on features inherent in each app's AndroidManifest.xml file. The manifest file is XML structure defined by tags or attributes and its XML document can be modeled as an ordered labeled tree. The RomaDroid creates a string from the hierarchical tree structure of tags as well as the class name of the components related to intent-filter tags in the manifest file, which are robust to code obfuscation. That is, we create a string from each manifest file of two apps to be compared and measure the similarity between the created two strings with the longest common subsequence (LCS) algorithm. If the measured similarity exceeds a certain threshold, the two apps are determined to be a clone pair (or similar app pair). To validate the RomaDroid, we perform various experiments with both non-obfuscated apps and their obfuscated versions generated by three obfuscation tools. The experimental results show that the RomaDroid detects accurately cloned apps even in the cases code obfuscation has been applied.

An Efficient and Packing-Resilient Two-Phase Android Cloned Application Detection Approach

The huge benefit of mobile application industry has attracted a large number of developers and attendant attackers. Application repackaging provides help for the distribution of most Android malware. It is a serious threat to the entire Android ecosystem, as it not only compromises the security and privacy of the app users but also plunders app developers’ income. Although massive approaches have been proposed to address this issue, plagiarists try to fight back through packing their malicious code with the help of commercial packers. Previous works either do not consider the packing issue or rely on time-consuming computations, which are not scalable for large-scale real-world scenario. In this paper, we propose FUIDroid, a novel two-phase app clones detection system that can detect the packed cloned app. FUIDroid includes a function-based fast selection phase to quickly select suspicious apps by analyzing apps’ description and a further UI-based accurate detection phase to refine the detection result. We evaluate our system on two sets of apps. The result from experiment on 320 packed samples demonstrates that FUIDroid is resilient to packed apps. The evaluation on more than 150,000 real-world apps shows the efficiency of FUIDroid in large-scale scenario.

Functional activity of the novel Alzheimer's amyloid β-peptide interacting domain (AβID) in the APP and BACE1 promoter sequences and implications in activating apoptotic genes and in amyloidogenesis

Amyloid-β peptide (Aβ) plaque in the brain is the primary ( post mortem) diagnostic criterion of Alzheimer's disease (AD). The physiological role(s) of Aβ are poorly understood. We have previously determined an Aβ interacting domain (AβID) in the promoters of AD-associated genes (Maloney and Lahiri, 2011. Gene. 15,doi:10.1016/j.gene.2011.06.004. epub ahead of print.). This AβID interacts in a DNA sequence-specific manner with Aβ. We now demonstrate novel Aβ activity as a possible transcription factor. Herein, we detected Aβ–chromatin interaction in cell culture by ChIP assay. We observed that human neuroblastoma (SK–N–SH) cells treated with FITC conjugated Aβ1–40 localized Aβ to the nucleus in the presence of H 2O 2-mediated oxidative stress. Furthermore, primary rat fetal cerebrocortical cultures were transfected with APP and BACE1 promoter–luciferase fusions, and rat PC12 cultures were transfected with polymorphic APP promoter–CAT fusion clones. Transfected cells were treated with different Aβ peptides and/or H 2O 2. Aβ treatment of cell cultures produced a DNA sequence-specific response in cells transfected with polymorphic APP clones. Our results suggest the Aβ peptide may regulate its own production through feedback on its precursor protein and BACE1, leading to amyloidogenesis in AD.

Molecular cloning and expression in COS-1 cells of pig kidney aminopeptidase P.

Aminopeptidase P (AP-P; X-Pro aminopeptidase; EC 3.4.11.9), a key enzyme in the metabolism of the vasodilator bradykinin, has been cloned from a pig kidney cortex cDNA library following the use of the PCR to identify sub-libraries enriched in AP-P clones. The complete primary sequence of the enzyme has been deduced from a full-length cDNA clone. This predicts a protein of 673 amino acids with a cleavable N-terminal signal sequence and six potential N-linked glycosylation sites. A stretch of mainly hydrophobic amino acids at the C-terminus is predicted to co-ordinate the attachment of a glycosyl-phosphatidylinositol (GPI) membrane anchor. Although AP-P is a zinc metallopeptidase, the predicted primary sequence does not contain any recognizable zinc-binding motif. Transient expression of AP-P cDNA in COS-1 cells resulted in enzymic activity characteristic of AP-P, namely apstatin- and EDTA-sensitive hydrolysis of bradykinin and Gly-Pro-Hyp. The expressed protein was recognized as a polypeptide of M(r)91,000 under reducing conditions, following immunoblotting of COS-1 membranes with a polyclonal antibody raised against purified pig kidney AP-P. The presence of a GPI anchor on expressed AP-P was established by demonstrating release of the enzyme from a membrane fraction following treatment with bacterial phosphatidylinositol-specific phospholipase C and its corresponding conversion from an amphipathic to a hydrophilic form, as assessed by phase separation in Triton X-114. Sequence comparisons confirm that AP-P is a member of the proline peptidase family of hydrolytic enzymes and is unrelated in sequence to other brush-border membrane peptidases.