APPraiser: A large scale analysis of android clone apps

Yuta Ishii, Takuya Watanabe, Mitsuaki Akiyama, Tatsuya Mori

    Research output: Contribution to journalArticle

    Abstract

    Android is one of the most popular mobile device platforms. However, since Android apps can be disassembled easily, attackers inject additional advertisements or malicious codes to the original apps and redistribute them. There are a non-negligible number of such repackaged apps. We generally call those malicious repackaged apps "clones." However, there are apps that are not clones but are similar to each other. We call such apps "relatives." In this work, we developed a framework called APPraiser that extracts similar apps and classifies them into clones and relatives from the large dataset. We used the APPraiser framework to study over 1.3 million apps collected from both official and third-party marketplaces. Our extensive analysis revealed the following findings: In the official marketplace, 79% of similar apps were attributed to relatives, while in the third-party marketplace, 50% of similar apps were attributed to clones. The majority of relatives are apps developed by prolific developers in both marketplaces. We also found that in the third-party market, of the clones that were originally published in the official market, 76% of them are malware.

    Original languageEnglish
    Pages (from-to)1703-1713
    Number of pages11
    JournalIEICE Transactions on Information and Systems
    VolumeE100D
    Issue number8
    DOIs
    Publication statusPublished - 2017 Aug 1

    Fingerprint

    Application programs
    Android (operating system)
    Mobile devices

    Keywords

    • Android
    • Large-scale data
    • Mobile security
    • Repackaging

    ASJC Scopus subject areas

    • Software
    • Hardware and Architecture
    • Computer Vision and Pattern Recognition
    • Artificial Intelligence
    • Electrical and Electronic Engineering

    Cite this

    APPraiser : A large scale analysis of android clone apps. / Ishii, Yuta; Watanabe, Takuya; Akiyama, Mitsuaki; Mori, Tatsuya.

    In: IEICE Transactions on Information and Systems, Vol. E100D, No. 8, 01.08.2017, p. 1703-1713.

    Research output: Contribution to journalArticle

    Ishii, Yuta ; Watanabe, Takuya ; Akiyama, Mitsuaki ; Mori, Tatsuya. / APPraiser : A large scale analysis of android clone apps. In: IEICE Transactions on Information and Systems. 2017 ; Vol. E100D, No. 8. pp. 1703-1713.
    @article{209916c893e842de85aaca8a494ff3ca,
    title = "APPraiser: A large scale analysis of android clone apps",
    abstract = "Android is one of the most popular mobile device platforms. However, since Android apps can be disassembled easily, attackers inject additional advertisements or malicious codes to the original apps and redistribute them. There are a non-negligible number of such repackaged apps. We generally call those malicious repackaged apps {"}clones.{"} However, there are apps that are not clones but are similar to each other. We call such apps {"}relatives.{"} In this work, we developed a framework called APPraiser that extracts similar apps and classifies them into clones and relatives from the large dataset. We used the APPraiser framework to study over 1.3 million apps collected from both official and third-party marketplaces. Our extensive analysis revealed the following findings: In the official marketplace, 79{\%} of similar apps were attributed to relatives, while in the third-party marketplace, 50{\%} of similar apps were attributed to clones. The majority of relatives are apps developed by prolific developers in both marketplaces. We also found that in the third-party market, of the clones that were originally published in the official market, 76{\%} of them are malware.",
    keywords = "Android, Large-scale data, Mobile security, Repackaging",
    author = "Yuta Ishii and Takuya Watanabe and Mitsuaki Akiyama and Tatsuya Mori",
    year = "2017",
    month = "8",
    day = "1",
    doi = "10.1587/transinf.2016ICP0012",
    language = "English",
    volume = "E100D",
    pages = "1703--1713",
    journal = "IEICE Transactions on Information and Systems",
    issn = "0916-8532",
    publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
    number = "8",

    }

    TY - JOUR

    T1 - APPraiser

    T2 - A large scale analysis of android clone apps

    AU - Ishii, Yuta

    AU - Watanabe, Takuya

    AU - Akiyama, Mitsuaki

    AU - Mori, Tatsuya

    PY - 2017/8/1

    Y1 - 2017/8/1

    N2 - Android is one of the most popular mobile device platforms. However, since Android apps can be disassembled easily, attackers inject additional advertisements or malicious codes to the original apps and redistribute them. There are a non-negligible number of such repackaged apps. We generally call those malicious repackaged apps "clones." However, there are apps that are not clones but are similar to each other. We call such apps "relatives." In this work, we developed a framework called APPraiser that extracts similar apps and classifies them into clones and relatives from the large dataset. We used the APPraiser framework to study over 1.3 million apps collected from both official and third-party marketplaces. Our extensive analysis revealed the following findings: In the official marketplace, 79% of similar apps were attributed to relatives, while in the third-party marketplace, 50% of similar apps were attributed to clones. The majority of relatives are apps developed by prolific developers in both marketplaces. We also found that in the third-party market, of the clones that were originally published in the official market, 76% of them are malware.

    AB - Android is one of the most popular mobile device platforms. However, since Android apps can be disassembled easily, attackers inject additional advertisements or malicious codes to the original apps and redistribute them. There are a non-negligible number of such repackaged apps. We generally call those malicious repackaged apps "clones." However, there are apps that are not clones but are similar to each other. We call such apps "relatives." In this work, we developed a framework called APPraiser that extracts similar apps and classifies them into clones and relatives from the large dataset. We used the APPraiser framework to study over 1.3 million apps collected from both official and third-party marketplaces. Our extensive analysis revealed the following findings: In the official marketplace, 79% of similar apps were attributed to relatives, while in the third-party marketplace, 50% of similar apps were attributed to clones. The majority of relatives are apps developed by prolific developers in both marketplaces. We also found that in the third-party market, of the clones that were originally published in the official market, 76% of them are malware.

    KW - Android

    KW - Large-scale data

    KW - Mobile security

    KW - Repackaging

    UR - http://www.scopus.com/inward/record.url?scp=85026524788&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85026524788&partnerID=8YFLogxK

    U2 - 10.1587/transinf.2016ICP0012

    DO - 10.1587/transinf.2016ICP0012

    M3 - Article

    AN - SCOPUS:85026524788

    VL - E100D

    SP - 1703

    EP - 1713

    JO - IEICE Transactions on Information and Systems

    JF - IEICE Transactions on Information and Systems

    SN - 0916-8532

    IS - 8

    ER -