By simply adding malicious code or advertisements in legitimate smartphone apps, attackers could benefit a lot from repackaging. The existing license protection mechanisms can be easily subverted by repackaged apps. A major defense is to detect. However, detection requires finding at least two 'similar' apps simultaneously. We propose a self-defending approach: let a repackaged app automatically expose itself. However, it is very challenging to achieve this goal. If developers and smartphones/users do not share any secret, attackers' app repackaging studio would be able to do whatever legitimate smartphones/users are able to do. We find that there exists a unique information asymmetry between developers and attackers. Leveraging this asymmetry, our new self-defending code (SDC) approach encrypts parts of the app code at compile time and dynamically decrypts the ciphertext code at run-time. Different from previous work, the key is derived from both the information asymmetry and the app's checksum. Once the app is repackaged, the changed checksum will let the app run abnormally, further exposing the repackaging. The information asymmetry protects the key from being attacked. We build a smartphone anti-repackaging system prototype. To the best of our knowledge, this is the first work that lets repackaged apps automatically malfunction while having none effect on a benign app's function.
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications
- Electrical and Electronic Engineering