Abstract:
Android malware and pirated apps created by repackaging have become a serious problem. To prevent attackers from repackaging, it is important to harden apps by using self-protection methods before distributing them. However, these countermeasures are taken by individual application developers. Thus, it depends on the developer’s security awareness and implementation skills. In fact, most apps are not protected, or attackers can easily defeat an app’s protection scheme. Therefore, we proposes a self-protection method that is robust against evasion attacks. The proposed method automatically builds the capability of repackaging detection into apps. It randomly splits detection code into several blocks, which are directly inserted into the bytecode of apps. Evaluation results indicate that the robustness score, which is calculated based on false positives from viewpoints of attackers, is 3.5 times higher than that with the existing method. The proposed method can also easily protect apps because it only requires their bytecode.