An APK Integrity Verification Mechanism for Third-party Android Marketplace

• Main Authors: Shau-Kang Lu, 呂紹綱
• Other Authors: Nai-Wei Lo
• Format: Others
• Language: en_US
• Published: 2015
• Online Access: http://ndltd.ncl.edu.tw/handle/95507803381385355269

碩士 === 國立臺灣科技大學 === 資訊管理系 === 103 === The security issue of Android third-party markets has been one of the biggest problems in Android ecosystem. Without the authentication from official organization like Google, there might exist many malicious apps in the third-party markets. When users download apps from those insecure markets, they probably downloaded some malicious apps and the result can be serious. Minor impact can result in the privacy information leakage, while major impact can cause the loss of one's money or endanger one's life. In this paper, we present a mechanism for verifying the app integrity by combining the app fingerprint and an app database with whitelist / blacklist. Based on the fingerprint and database, we built a customized Android market called Secure Market. When someone upload apps to the Secure Market, the apps will be verified by the integrity verification mechanism immediately so that we can ensure the apps from Secure Market are almost secure. Finally, with collected normal/repackaged apps, the testing scenarios has shown that this integrity verification mechanism can almost help us to filter out the malicious apps, which are unqualified for uploading.