
Mobile Device Security

Penn State Researcher Develops System To Detect App Clones on Android Markets

Millions of Android app users are currently using cloned apps, malware designed to mimic legitimate apps but with malicious code embedded to display advertising or steal private information, according to researchers from Penn State and the Chinese Academy of Sciences.

While methods of detecting app clones already exist, they are not scalable and cannot search for clones across multiple Android app markets, according to information released by Penn State. The researchers have developed a new method they say is more accurate and scalable and that can perform cross-market app clone detection in less than one hour.

Current app clone detection systems examine the control flow and data dependencies inside code fragments. The researchers' new system compares method pairs (MPs), which are pairs of code fragments, by creating a control flow graph (CFG) of those method pairs. Each CFG has a geometric characteristic called a centroid, which is the geometric center of a two-dimensional region and the arithmetic mean position of all points in the shape, according to Penn State. The researchers discovered that they can compare these centroids to distinguish cloned from non-cloned method pairs.

"If two methods in a pair have the same centroid, the MP is almost certain to be cloned. Alternatively, if two methods in an MP have different centroids, the MP is 99 percent to be not-cloned," according to Penn State.

The researchers tested their system on 150,145 apps on five Android markets. After generating centroids only once for the method pairs, they were able to complete the cross-market app clone detection in less than one hour. According to the researchers, their system enables them to "achieve high accuracy without sacrificing scalability when detecting cloned methods."
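The sketch below is an added example, not the researchers' code: it shows why centroid comparison scales, since each method is reduced to one small key once and cross-market matching becomes an index lookup. The node coordinates (code order, out-degree, loop depth), the statement-count weighting, the `MIN_BLOCKS` filter and all sample data are assumptions made for illustration; the article does not give the paper's exact definition.

```python
from collections import defaultdict

MIN_BLOCKS = 3  # assumption: skip tiny methods (getters etc.) that trivially collide

def centroid(blocks):
    """blocks: [(out_degree, loop_depth, n_statements), ...] in code order.
    Returns the statement-weighted mean of (order, out_degree, loop_depth)."""
    total = sum(w for _, _, w in blocks)
    if total == 0:
        return None
    cx = sum(i * w for i, (_, _, w) in enumerate(blocks, 1)) / total
    cy = sum(d * w for d, _, w in blocks) / total
    cz = sum(l * w for _, l, w in blocks) / total
    return (round(cx, 4), round(cy, 4), round(cz, 4))

def cross_market_clones(markets):
    """Index every method once by centroid; return centroids seen in >1 market."""
    index = defaultdict(set)
    for market, apps in markets.items():
        for app, methods in apps.items():
            for name, blocks in methods.items():
                c = centroid(blocks)
                if c is not None and len(blocks) >= MIN_BLOCKS:
                    index[c].add((market, app, name))
    return {c: sorted(hits) for c, hits in index.items()
            if len({m for m, _, _ in hits}) > 1}

# Constructed sample data: one method copied under a renamed identifier,
# one method present only in the repackaged app, and a trivial getter.
GAME_UPDATE = [(2, 0, 3), (1, 1, 5), (2, 1, 2), (0, 0, 1)]
AD_LOADER = [(1, 0, 4), (2, 1, 6), (1, 1, 2), (0, 0, 2)]
GETTER = [(0, 0, 1)]
MARKETS = {
    "market_a": {"com.example.game": {"Game.update": GAME_UPDATE,
                                      "Game.getScore": GETTER}},
    "market_b": {"com.example.game.free": {"a.b": GAME_UPDATE, "a.c": GETTER,
                                           "AdLoader.run": AD_LOADER}},
}

if __name__ == "__main__":
    for c, hits in cross_market_clones(MARKETS).items():
        print(c, hits)
```

Because the key is built only from graph structure, the renamed method `a.b` still lands in the same bucket as `Game.update`, while the getter shared by both apps is filtered out rather than reported as a match.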

Implementing this new approach to app clone detection could benefit users, app developers and app market managers. Users would be less vulnerable to installing cloned apps, and legitimate app developers would lose less revenue to app clones. According to a recent study cited in the researchers' paper, "14 percent of the advertising revenue and 10 percent of the user base for a developer are diverted to app clones on average."

The researchers, Peng Liu, a professor at Penn State’s College of Information Sciences and Technology (IST); Kai Chen, a researcher at the State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, China; and Yingjun Zhang, a researcher at the Institute of Software, Chinese Academy of Sciences, describe their app clone detection method in a new paper, “Achieving Accuracy and Scalability Simultaneously in Detecting Application Clones on Android Markets,” which they presented at the International Conference on Software Engineering (ICSE) in Hyderabad, South India.

The researchers are developing a site where users will be able to upload their apps to find out whether they are authentic or clones. The researchers said they hope to have the site up by the end of this year.

About the Author

Leila Meyer is a technology writer based in British Columbia. She can be reached at [email protected].
