Currently, a lot of malicious application software modifies an original installation package through repackaging, so as to embed advertisements into the original installation package, automatically download malware, and implement root programs, etc.
A repackaging process is shown in FIG. 1. First, the original installation package is decompiled to obtain a source code of the original installation package. Then, a user modifies the source code, for example, adds another code, and the added code can be an advertisement, or can be a program for automatically downloading malware, etc. Finally, a modified file is repackaged to obtain a repackaged installation package.
Because the source code is modified in the previous repackaging process, a self-signature of the repackaged installation package is no longer a self-signature of the original installation package. Thus, in the existing technologies, a method for anti-repackaging can be: checking a self-signature of an installation package to determine whether the installation package is repackaged. A specific verification process is shown in FIG. 2.
When a certain installation package is installed, a target file in the installation package is run, and a secure dynamic library in the installation package is loaded. Generally, to ensure the information security, some verification information is stored in the secure dynamic library. The verification information includes a self-signature of an original installation package corresponding to the installation package. Because an operating system provides an interface for verifying the self-signature of the installation package, after obtaining the self-signature of the installation package from the target file and obtaining the self-signature of the original installation package from the secure dynamic library, the operating system verifies whether the self-signature of the installation package is consistent with the self-signature of the original installation package. If they are consistent, the operating system determines that the installation package is the original installation package. If they are inconsistent, the operating system determines that the installation package is a repackaged installation package.
In the existing technologies, another method for anti-repackaging can be the following: An operating system calculates a hash (hash) value of an installation package installed this time, and checks the hash value, that is, compares the hash value with a hash value of an original installation package, if they are consistent, determines that the installation package is the original installation package, and if they are inconsistent, determines that the installation package is a repackaged installation package.
The two methods for anti-repackaging in the existing technologies must be used in a fully trusted operating system, so as to effectively prevent repackaging. However, because many existing operating systems are open-source, users can modify an original operating system, so that the operating system does not check a self-signature of an installation package or check a hash value of the installation package. As such, regardless of whether an installation package downloaded by the user is a repackaged installation package or not, the operating system considers by default that the installation package is an original installation package.
In addition, in the second method for anti-repackaging, sometimes an installation package to be installed occupies a large memory. As such, when the operating system calculates a hash value of the installation package, verification efficiency of the operating system is affected.