1. Field of the Invention
The present invention relates generally to computer security, and more particularly but not exclusively to methods and apparatus for detecting mobile application programs that have been repackaged.
2. Description of the Background Art
Mobile computing devices run mobile operating systems, which are designed to be suitable for computers that are constrained in terms of memory and processor speed. An application program for a mobile operating system is commonly referred to as a “mobile app” or simply as an “app.” A mobile app may be purchased from a mobile app marketplace, which is typically maintained and operated by the vendor of the mobile operating system. Mobile apps may also be purchased from a third-party mobile app marketplace. To purchase a mobile app, a user of a mobile computing device selects a mobile app from a mobile app marketplace, makes an online payment for the mobile app, and then downloads the mobile app onto his mobile computing device. Some mobile apps may also be purchased at no cost.
The ANDROID operating system is an example of a mobile operating system employed in mobile computing devices. Mobile apps for the ANDROID operating system come in a file referred to as the ANDROID application package (APK) file. The APK file is an archive file containing a plurality of files that are needed to run the mobile app, including a file of program code that are executed by the Dalvik process virtual machine of the ANDROID operating system. One problem with an APK file is that it can be unpacked to its constituent files and then repackaged to include additional or modified files. These additional or modified files may comprise malicious code. That is, an authentic ANDROID mobile app may be altered for malicious purposes by repackaging.