{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,4]],"date-time":"2025-12-04T14:18:48Z","timestamp":1764857928741,"version":"3.46.0"},"reference-count":34,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2025,12,4]],"date-time":"2025-12-04T00:00:00Z","timestamp":1764806400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Repackaged Android applications pose a significant threat to mobile ecosystems, acting as common vectors for malware distribution and intellectual property infringement. Addressing the challenges of existing repackaging detection methods\u2014such as scalability, reliance on app pairs, and high computational costs\u2014this paper presents a novel hybrid approach that combines supervised learning and symptom discovery. We develop a lightweight feature extraction and analysis framework that leverages only 20 discriminative features, including inter-component communication (ICC) patterns, sensitive API usage, permission profiles, and a structural anomaly metric derived from string offset order. Our experiments, conducted on 8441 Android applications sourced from the RePack dataset, demonstrate the effectiveness of our approach, achieving a maximum F1 score of 85.9% and recall of 98.8% using Support Vector Machines\u2014outperforming prior state-of-the-art models that utilized over 500 features. We also evaluate the standalone predictive power of AndroidSOO\u2019s string offset order feature and highlight its value as a low-cost repackaging indicator. This work offers an accurate, efficient, and scalable alternative for automated detection of repackaged mobile applications in large-scale Android marketplaces.<\/jats:p>","DOI":"10.3390\/info16121075","type":"journal-article","created":{"date-parts":[[2025,12,4]],"date-time":"2025-12-04T13:53:30Z","timestamp":1764856410000},"page":"1075","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["RepackDroid: An Efficient Detection Model for Repackaged Android Applications"],"prefix":"10.3390","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-6163-8251","authenticated-orcid":false,"given":"Tito","family":"Leadon","sequence":"first","affiliation":[{"name":"Department of Computer Science, Florida Polytechnic University, Lakeland, FL 33805, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6060-4090","authenticated-orcid":false,"given":"Karim","family":"Elish","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Florida Polytechnic University, Lakeland, FL 33805, USA"}]}],"member":"1968","published-online":{"date-parts":[[2025,12,4]]},"reference":[{"key":"ref_1","unstructured":"(2025, October 01). Living in a Multi-Device World with Android. Available online: https:\/\/blog.google\/products\/android\/io22-multideviceworld\/."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Zhou, Y., and Jiang, X. (2012, January 20\u201323). Dissecting Android Malware: Characterization and Evolution. Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, USA.","DOI":"10.1109\/SP.2012.16"},{"key":"ref_3","unstructured":"Trend Micro (2021, December 17). A Look at Repackaged Apps and their Effect on the Mobile Threat Landscape. Trend Micro Blog. Available online: http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/a-look-into-repackaged-apps-and-its-rolein-the-mobile-threat-landscape\/."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Glanz, L., Amann, S., Eichberg, M., Reif, M., Hermann, B., Lerch, J., and Mezini, M. (2017, January 4\u20138). CodeMatch: Obfuscation won\u2019t conceal your repackaged app. Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, Paderborn, Germany.","DOI":"10.1145\/3106237.3106305"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Zhou, W., Zhou, Y., Jiang, X., and Ning, P. (2012, January 7\u20139). Detecting repackaged smartphone applications in third-party android marketplaces. Proceedings of the Second ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA.","DOI":"10.1145\/2133601.2133640"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"72182","DOI":"10.1109\/ACCESS.2019.2920314","article-title":"RomaDroid: A Robust and Efficient Technique for Detecting Android App Clones","volume":"7","author":"Kim","year":"2019","journal-title":"IEEE Access"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"676","DOI":"10.1109\/TSE.2019.2901679","article-title":"Rebooting Research on Detecting Repackaged Android Apps: Literature Review and Benchmark","volume":"47","author":"Li","year":"2019","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_8","unstructured":"Li, L., Bissyand\u00e9, T., and Klein, J. (2024, December 17). RePack. Github. Available online: https:\/\/github.com\/serval-snt-uni-lu\/RePack."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Wolfe, B., Elish, K., and Yao, D. (2014, January 12\u201314). Comprehensive Behavior Profiling for Proactive Android Malware Detection. Proceedings of the Information Security Conference (ISC), Hong Kong, China.","DOI":"10.1007\/978-3-319-13257-0_19"},{"key":"ref_10","unstructured":"Zhou, Y., Wang, Z., Zhou, W., and Jiang, X. (2012, January 5\u20138). Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. Proceedings of the 19th Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Dave, D.D., and Rathod, D. (2022). Systematic review on various techniques of android malware detection. Communications in Computer and Information Science, Springer International Publishing.","DOI":"10.1007\/978-3-031-10551-7_7"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Wolfe, B., Elish, K., and Yao, D. (2014, January 3\u20136). High Precision Screening for Android Malware with Dimensionality Reduction. Proceedings of the International Conference on Machine Learning and Applications, Detroit, MI, USA.","DOI":"10.1109\/ICMLA.2014.10"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"101663","DOI":"10.1016\/j.cose.2019.101663","article-title":"DL-Droid: Deep learning based Android malware detection using real devices","volume":"89","author":"Alzaylaee","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_14","unstructured":"Elish, K., Yao, D., and Ryder, B. (2012, January 24). User-Centric Dependence Analysis for Identifying Malicious Mobile Apps. Proceedings of the IEEE Mobile Security Technologies (MoST) Workshop, in Conjunction with the IEEE Symposium on Security and Privacy, San Francisco, CA, USA."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1016\/j.cose.2014.11.001","article-title":"Profiling user-trigger dependence for Android malware detection","volume":"49","author":"Elish","year":"2014","journal-title":"Comput. Secur."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"740","DOI":"10.1016\/j.future.2018.12.050","article-title":"CloneSpot: Fast detection of Android repackages","volume":"94","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Zhou, W., Zhang, X., and Jiang, X. (2013, January 8\u201310). AppInk: Watermarking android apps for repackaging deterrence. Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, Hangzhou, China.","DOI":"10.1145\/2484313.2484315"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Nguyen, T., Mcdonald, J.T., Glisson, W., and Andel, T. (2020, January 7\u201310). Detecting Repackaged Android Applications Using Perceptual Hashing. Proceedings of the 53rd Hawaii International Conference on System Sciences, Maui, HI, USA.","DOI":"10.24251\/HICSS.2020.813"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"340","DOI":"10.1016\/j.cose.2013.08.010","article-title":"Identifying Android Malicious Repackaged Applications by Thread-Grained System Call Sequences","volume":"39","author":"Lin","year":"2013","journal-title":"Comput. Secur."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Tian, K., Yao, D., Ryder, B.G., and Tan, G. (2016, January 22\u201326). Analysis of Code Heterogeneity for High-Precision Classification of Repackaged Malware. Proceedings of the 2016 IEEE Security and Privacy Workshops (SPW), San Jose, CA, USA.","DOI":"10.1109\/SPW.2016.33"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Wu, D.J., Mao, C.H., Wei, T.E., Lee, H.M., and Wu, K.P. (2012, January 9\u201310). Droidmat: Android Malware Detection Through Manifest and API Calls Tracing. Proceedings of the 2012 Seventh Asia Joint Conference on Information Security, Tokyo, Japan.","DOI":"10.1109\/AsiaJCIS.2012.18"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Gonzalez, H., Kadir, A., Stakhanova, N., Alzahrani, A., and Ghorbani, A. (2015, January 21). Exploring reverse engineering symptoms in Android apps. Proceedings of the Eighth European Workshop on System Security, Bordeaux, France.","DOI":"10.1145\/2751323.2751330"},{"key":"ref_23","unstructured":"(2023, September 10). Androzoo. Available online: https:\/\/androzoo.uni.lu\/."},{"key":"ref_24","unstructured":"(2023, September 15). Apktool: A Tool for Reverse Engineering Android Apk Files. Available online: https:\/\/apktool.org\/."},{"key":"ref_25","unstructured":"(2023, September 15). Baksmali. Available online: https:\/\/github.com\/JesusFreke\/smali."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1109\/TMC.2018.2889495","article-title":"Identifying Mobile Inter-App Communication Risks","volume":"19","author":"Elish","year":"2020","journal-title":"IEEE Trans. Mob. Comput."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1109\/TDSC.2017.2745575","article-title":"Detection of Repackaged Android Malware with Code-Heterogeneity Features","volume":"17","author":"Tian","year":"2017","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_28","unstructured":"(2025, March 18). Permissions on Android: Android Developers. Available online: https:\/\/developer.android.com\/guide\/topics\/permissions\/overview."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Sun, B., Li, Q., Guo, Y., Wen, Q., Lin, X., and Liu, W. (2017, January 13\u201316). Malware family classification method based on static feature extraction. Proceedings of the 2017 3rd IEEE International Conference on Computer and Communications (ICCC), Chengdu, China.","DOI":"10.1109\/CompComm.2017.8322598"},{"key":"ref_30","unstructured":"(2025, July 21). SMOTE\u2014Azure Machine Learning. Microsoft Docs. Available online: https:\/\/docs.microsoft.com\/en-us\/azure\/machine-learning\/component-reference\/smote."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"31:1","DOI":"10.1145\/2907070","article-title":"A Survey of Predictive Modeling on Imbalanced Domains","volume":"49","author":"Branco","year":"2017","journal-title":"ACM Comput. Surv."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Li, L., Bissyand\u00e9, T.F., and Klein, J. (2017, January 1\u20134). SimiDroid: Identifying and explaining similarities in Android apps. Proceedings of the 2017 IEEE Trustcom\/BigDataSE\/ICESS, Sydney, NSW, Australia.","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.230"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., H\u00fcbner, M., Gascon, H., and Rieck, K. (2014, January 23\u201326). Drebin: Efficient and Explainable Detection of Android Malware in Your Pocket. Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA.","DOI":"10.14722\/ndss.2014.23247"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Wei, F., Li, Y., Roy, S., Ou, X., and Zhou, W. (2017, January 6\u20137). Deep Ground Truth Analysis of Current Android Malware. Proceedings of the 14th International Conference on the Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Bonn, Germany.","DOI":"10.1007\/978-3-319-60876-1_12"}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/16\/12\/1075\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,4]],"date-time":"2025-12-04T14:14:47Z","timestamp":1764857687000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/16\/12\/1075"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,4]]},"references-count":34,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["info16121075"],"URL":"https:\/\/doi.org\/10.3390\/info16121075","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,4]]}}}