Attack of the clones: Detecting cloned applications on android markets

Jonathan Crussell, Clint Gibler, Hao Chen

European Symposium on Research in Computer Security (ESORICS 2012)

Abstract

We present DNADroid, a tool that detects Android application copying, or “cloning”, by robustly computing the similarity between two applications. DNADroid achieves this by comparing program dependency graphs between methods in candidate applications. Using DNADroid, we found at least 141 applications that have been the victims of cloning, some as many as seven times. DNADroid has a very low false positive rate — we manually confirmed that all the applications detected are indeed clones by either visual or behavioral similarity. We present several case studies that give insight into why applications are cloned, including localization and redirecting ad revenue. We describe a case of malware being added to an application and show how DNADroid was able to detect two variants of the same malware. Lastly, we offer examples of an open source cracking tool being used in the wild.

@inproceedings{crussell2012attack,
  title={Attack of the clones: Detecting cloned applications on android markets},
  author={Crussell, Jonathan and Gibler, Clint and Chen, Hao},
  booktitle={European Symposium on Research in Computer Security},
  pages={37--54},
  year={2012},
  organization={Springer, Berlin, Heidelberg}
}

Links:

• PDF