TY  - JOUR
T1  - Forged Android Mobile Apps. Detection System with Server-Side
Signature Verification Method
AU - Lee, Hyung-Woo AU - Lee, Jaekyu 
JO  - Journal of Engineering and Applied Sciences
VL  - 13
IS  - 6
SP  - 1567
EP  - 1574
PY  - 2018
DA  - 2001/08/19
SN  - 1816-949x
DO  - jeasci.2018.1567.1574
UR  - https://makhillpublications.co/view-article.php?doi=jeasci.2018.1567.1574
KW  - Android
KW  -mobile Forged Apps
KW  -repackaging
KW  -signature self-verification
KW  -detection
KW  -process
AB  - Android Apps. developed in Java language is vulnerable to repackaging attacks as it is easy to
decompile an App. Therefore, obfuscation techniques can be used to make it difficult to analyzing the source
of Android Apps. However, repackaging attacks are fundamentally impossible to block. Especially, it has been
confirmed that most Android-based smart phones do not support verification process for the forged
applications. Android is compiled into a class from a Java source and then compressed and stored as a Dex file
to run in the Dalvik virtual machine. Then package the Dex file with xml+resource and distribute it as APK file.
Therefore, if you add a module that maliciously acts after decompiling a Java class file in a normal APK file, you
can create a Counterfeit App. In this study, we propose a process to repackage malicious Forged Apps. from
normal APK files and propose a method to detect Forged Apps. Accordingly, the user installs and uses a Fake
App. that appears to be functioning normally. In this case, the user is easily exposed to attacks such as leakage
of personal information. Therefore, in this study, we have constructed Mobile Apps. identification system that
applies the signature self-verification server monitoring method for Android Apps. and proposed a method of
judging Android mobile Forgery Apps. by performing the verification process.
ER  -