Android Repackaged Application Detection Based on Function Call Graph

Xingru WU,Yongzhong HE
DOI: https://doi.org/10.3969/j.issn.1000-3428.2017.11.020
2017-01-01
Abstract:Aiming at the phenomenon that there is an increasing number of repackaged applications in the Android third-party application market,this paper proposes a method of detecting Android repackaged applications by using function call graph.It decompiles the application to gain the Smali code,analyzes the Smali code to generate a function call graph,processes the function call graph by using theoperationcode as the attribute of the node,filters the third-party library,and saves the Application Program Interface (API) associated with the interface.On this basis,it uses the Motifs' substructure to representthe function call graph.According to the similarity of the subgraph,it computes the similarity of the application,so as to determine whether it is a repackaged application.Detection results in 1 630 applications in the market show that the proposed method has higher accuracy and better expansibility.
What problem does this paper attempt to address?