Attack of the Clones: Detecting Cloned Applications on Android Markets

Jonathan Crussell, Clint Gibler, and Hao Chen

We present DNADroid, a tool that detects Android application copying,
or “cloning”, by robustly computing the similarity between two
applications. DNADroid achieves this by comparing program dependency
graphs between methods in candidate applications. Using DNADroid, we
found at least 141 applications that have been the victims of cloning,
some as many as seven times. DNADroid has a very low false positive
rate — we manually confirmed that all the applications detected are
indeed clones by either visual or behavioral similarity. We present
several case studies that give insight into why applications are
cloned, including localization and redirecting ad revenue. We describe
a case of malware being added to an application and show how DNADroid
was able to detect two variants of the same malware. Lastly, we offer
examples of an open source cracking tool being used in the wild.