Publication Type
Journal Article
Version
acceptedVersion
Publication Date
5-2022
Abstract
App repackaging has raised serious concerns in the Android ecosystem, and repackage-proofing technology has attracted attention in the Android research community. In this paper, we first show that existing repackage-proofing schemes rely on a flawed security assumption, and then propose a new class of active warden attack that intercepts and falsifies the metrics used by repackage-proofing to detect integrity violations during repackaging. We develop a proof-of-concept toolkit to demonstrate that all the existing repackage-proofing schemes can be bypassed by our attack toolkit. On the positive side, our analysis further identifies a new integrity metric in the Android ART runtime that can robustly and efficiently indicate bytecode tampering caused by either repackaging or active warden attacks. By associating this new metric with two supplemental verification mechanisms, we construct a multi-party verification framework that significantly raises the bar for repackage-proofing, and we identify conditions under which the proposed framework could detect app repackaging without being compromised by active warden attacks.
Keywords
Android security, app repackage-proofing, active warden attack
Discipline
Information Security | Software Engineering
Research Areas
Cybersecurity
Publication
IEEE Transactions on Dependable and Secure Computing
Volume
19
Issue
5
First Page
3508
Last Page
3520
ISSN
1545-5971
Identifier
10.1109/TDSC.2021.3100877
Publisher
Institute of Electrical and Electronics Engineers
Citation
MA, Haoyu; LI, Shijia; GAO, Debin; WU, Daoyuan; JIA, Qiaowen; and JIA, Chunfu.
Active warden attack: On the (in)effectiveness of Android app repackage-proofing. (2022). IEEE Transactions on Dependable and Secure Computing. 19, (5), 3508-3520.
Available at: https://ink.library.smu.edu.sg/sis_research/6703
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/TDSC.2021.3100877