Mobile forged app identification system with centralized signature self-verification method

Abstract

Android apps developed in Java language is vulnerable to repackaging attacks as it is easy to decompile an app. Therefore, obfuscation techniques can be used to make it difficult to analyzing the source of Android apps. However, repackaging attacks are fundamentally impossible to block. Especially, it has been confirmed that most Android-based smart phones do not support verification process for the forged applications. Accordingly, the user installs and uses a fake app that appears to be functioning normally. In this case, the user is easily exposed to attacks such as leakage of personal information. Therefore, in this paper, we have constructed mobile apps identification system that applies the signature self-verification server monitoring method for Android apps and proposed a method of judging Android mobile forgery apps by performing the verification process.