Repacked android application detection using image similarity

The popularity of Android brings many functionalities to its users but it also brings many threats. Repacked Android application is one such threat which is the root of many other threats such as malware, phishing, adware, and economical loss. Earlier many techniques have been proposed for the detection of repacked application but they have their limitations and bottlenecks. In this work, we proposed an image similarity based repacked application detection technique. The proposed work utilized the main idea behind the repacking of application that is “the attacker wants to create fake application looking visually similar to the original". We convert each APK file into a grayscale image and then use perceptual hashing for creating a hash of each image. The string distance algorithms like Hamming distance was used to calculate the distance and searching for the repacked application. The proposed work also used distance calculation on binary features extracted from the app. The proposed work is very powerful in terms of detection accuracy and scanning speed and we achieved 96% accuracy.