Thwarting Android app repackaging by executable code fragmentation

With the increasing popularity and adoption of Android-based smartphones, there are more and more Android malwares in app marketplaces. What's more, most malwares are repackaged versions of legitimate applications. Existing solutions have mostly focused on post-mortem detection of repackaged application. Lately, packing mechanism has been proposed to enable self-defence for Android apps against repackaging. However, since current app packing systems all load the executable file into process memory in plaintext intactly, it can be easily dumped, which would enable the repackaging again. To address this problem, we propose a more effective protection model, DexSplit, to prevent app repackaging. Inspired by the weakness of current app packing model, DexSplit maintains the protected dex file as several pieces throughout this application's entire lifecycle, which makes it difficult to be dumped. Experiments with a DexSplit prototype using six typical apps show that DexSplit effectively defends against app repa...