Detection of repackaged mobile applications through a collaborative approach

Repackaged applications are based on genuine applications, but they subtlety include some modifications.In particular, trojanized applications are one of the most dangerous threats for smartphones. Malware codemay be hidden inside applications to access private data or to leak user credit. In this paper, we propose acontract-based approach to detect such repackaged applications, where a contract specifies the set of legalactions that can be performed by an application. Current methods to generate contracts lack informationfrom real usage scenarios, thus being inaccurate and too coarse-grained. This may result either in generatingtoo many false positives or in missing misbehaviors when verifying the compliance between the applicationand the contract. In the proposed framework, application contracts are generated dynamically by a centralserver merging execution traces collected and shared continuously by collaborative users executing the appli-cation. More precisely, quantitative information extracted from execution traces is used to define a contractdescribing the expected application behavior, which is deployed to the cooperating users. Then, every usercan use the received contract to check whether the related application is either genuine or repackaged. Sucha verification is based on an enforcement mechanism that monitors the application execution at run-time andcompares it against the contract through statistical tests.