App repackaging refers to the practice of customizing an existing mobile app and redistributing it in the wild to fool the final user into installing the repackaged app instead of the original one. In this way, an attacker can embed malicious payload into a legitimate app for different aims, such as access to premium features, redirect revenue, or access to user's private data. In the Android ecosystem, apps are available on public stores, and the only requirement for an app to execute properly is to be digitally signed. Due to this, the repackaging threat is widely spread. Anti-repackaging techniques aim to make harder the repackaging process for an attack adding logical controls – called detection node – in the app at compile-time. Such controls check the app integrity at runtime to detect tampering. If tampering is recognized, the detection nodes lead the repackaged app to fail (e.g., throwing an exception). From an attacker's standpoint, she must detect and bypass all controls to repackage safely. In this work, we propose a novel anti-repackaging scheme – called ARMAND – which aims to overcome the limitations of the current protection schemes. We have implemented this scheme into a prototype – named ARMANDroid – which leverages multiple protection patterns and relies on native code. The evaluation phase of ARMANDroid on 30.000 real-world Android apps showed that the scheme is robust against the common attack vectors and efficient in terms of time and space overhead.

ARMAND: Anti-Repackaging through Multi-pattern Anti-tampering based on Native Detection

Merlo A.;Ruggia A.;Sciolla L.;Verderame L.
2021-01-01

Abstract

App repackaging refers to the practice of customizing an existing mobile app and redistributing it in the wild to fool the final user into installing the repackaged app instead of the original one. In this way, an attacker can embed malicious payload into a legitimate app for different aims, such as access to premium features, redirect revenue, or access to user's private data. In the Android ecosystem, apps are available on public stores, and the only requirement for an app to execute properly is to be digitally signed. Due to this, the repackaging threat is widely spread. Anti-repackaging techniques aim to make harder the repackaging process for an attack adding logical controls – called detection node – in the app at compile-time. Such controls check the app integrity at runtime to detect tampering. If tampering is recognized, the detection nodes lead the repackaged app to fail (e.g., throwing an exception). From an attacker's standpoint, she must detect and bypass all controls to repackage safely. In this work, we propose a novel anti-repackaging scheme – called ARMAND – which aims to overcome the limitations of the current protection schemes. We have implemented this scheme into a prototype – named ARMANDroid – which leverages multiple protection patterns and relies on native code. The evaluation phase of ARMANDroid on 30.000 real-world Android apps showed that the scheme is robust against the common attack vectors and efficient in terms of time and space overhead.
File in questo prodotto:
File Dimensione Formato  
1-s2.0-S1574119221000857-main.pdf

accesso aperto

Descrizione: Articolo su rivista
Tipologia: Documento in versione editoriale
Dimensione 2.08 MB
Formato Adobe PDF
2.08 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11567/1080496
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? 2
social impact