Repack Me If You Can: An Anti-Repackaging Solution Based on Android Virtualization

Antonio Ruggia, Eleonora Losiouk, Luca Verderame, Mauro Conti, Alessio Merlo

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

Abstract

A growing trend in repackaging attacks exploits the Android virtualization technique, in which malicious code can run together with the victim app in a virtual container. In such a scenario, the attacker can directly build a malicious container capable of hosting the victim app instead of tampering with it, thus neglecting any anti-repackaging protection developed so far. Also, existing anti-virtualization techniques are ineffective since the malicious container can intercept - and tamper with - such controls at runtime. So far, only two solutions have been specifically designed to address virtualization-based repackaging attacks. However, their effectiveness is limited since they both rely on static taint analysis, thus not being able to evaluate code dynamically loaded at runtime. To mitigate such a problem, in this paper we introduce MARVEL, the first methodology that allows preventing both traditional and virtualization-based repackaging attacks. MARVEL strongly relies on the virtualization technique to build a secure virtual environment where protected apps can run and be checked at runtime. To assess the viability and reliability of MARVEL, we implemented it in a tool, i.e., MARVELoid, that we tested by protecting 4000 apps with 24 different configurations of the protection parameters (i.e., 96k protection combinations). MARVELoid was able to inject the protection into 97.3% of the cases, with a processing time of 98 seconds per app on average. Moreover, we evaluated the runtime overhead on 45 apps, showing that the introduced protection has a negligible impact in terms of average CPU (<5%) and memory overhead (<0.5%).

Original languageEnglish
Title of host publicationProceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021
PublisherAssociation for Computing Machinery (ACM)
Pages970-981
Number of pages12
ISBN (Electronic)9781450385794
DOIs
Publication statusPublished - 2021
Externally publishedYes
Event37th Annual Computer Security Applications Conference, ACSAC 2021 - Virtual, Online, United States
Duration: 6 Dec 202110 Dec 2021

Publication series

NameACM International Conference Proceeding Series

Conference

Conference37th Annual Computer Security Applications Conference, ACSAC 2021
Country/TerritoryUnited States
CityVirtual, Online
Period6/12/2110/12/21

Keywords

  • Android virtualization
  • Anti-repackaging techniques
  • Mobile security

Fingerprint

Dive into the research topics of 'Repack Me If You Can: An Anti-Repackaging Solution Based on Android Virtualization'. Together they form a unique fingerprint.

Cite this