You can’t touch this: Consumer-centric android application repackaging detection

• We propose an application store agnostic repackaging detection method.
• Detection based on elements that an attacker is reluctant to significantly alter.
• 91% detection rate on real repackaged applications.
• Detection of repackaged applications that clone original application’s name and icon.
• Detection of repackaged applications that only clone the application name and icon.

Application repackaging is a widely used method for malware distribution, revenue stealing and piracy. Repackaged applications are modified versions of original applications, that can potentially target large audiences based on the original application’s popularity. In this paper, we propose an approach for detecting repackaged applications. Our approach takes advantage of the attacker’s reluctance to significantly alter the elements that characterise an application without notably impacting the application’s distribution. These elements include the application’s name and icon. The detection is initiated from the client side, prior to an application’s installation, making it application store agnostic. Our experimental results show that detection based on our algorithm is effective and efficient.