introduce
This is a paper from 2018IMC "Beyond Google Play: A Large-Scale Comparative Study of Chinese Android App Markets"
Pre-knowledge
- META-INF and the package name of the application can determine which market the application was installed from
- Fake apps (fake apps): try to simulate a legitimate application name, they are designed to resemble legitimate applications, but perform malicious activities, which can be identified by package name
- Cloned apps: Cloned apps usually share most of the metadata with the original app, but they are obviously signed by different developers. There are two types:
1. Signature-based cloning and code-based cloning, which are mainly done by modifying the developer's signature and repackaging, which can be distinguished by the way "the package name is the same, but the developer's signature is different".
2. Code-based cloning mainly refers to code similarity, which can be detected by WuKong tools - Malware Family: A malware family is a program or group of related programs with sufficient "code overlap" to be considered part of the same group. Grouping them into a family can expand the scope of a single malware as it changes over time, creating new malware with different family characteristics.
- China app stores are divided into three categories: vendor-specific app marketplaces, online companies, and professional marketplaces
main content
Measure the overall profile, distribution and malicious behavior of 16 major app stores in China and Google Play, and compare China App Store with Google Play
Measurement methods
crawler crawling application
Dataset source
1. Use a crawler to crawl the mall application. When collecting the Google Play Store, use a package named Seed provided by PrivacyGrade, and use a breadth-first approach to search for additional related applications and other applications released by the same developer.
2. Some applications are from AndroZoo
measuring angle
1. Measure the overall situation of Google Play and the Chinese application market:
1) Application classification
The proportion of the number of categories of applications in each mall and the popularity of categories
2) User downloads
Comparison of the number of downloads and download distribution of each mall
3) Minimum API grade
Angle 1: Quantity distribution of the lowest API class. The triangle is google play, and the box is the value of 16 Chinese app stores
Angle 2: Data application release/update time distribution
4) Third-party library
Because the existing third-party library is outdated or missing, the author refers to other third-party library sources on the original basis: AppBrain, PrivacyGrade, Common Library.
Angle 1: Measuring the usage of third-party libraries and advertising libraries in various app stores
Angle 2: Google Play and the top 10 third-party libraries used in the Chinese app market
5) App rating The
rating of the app reflects the rating of the app store
2. Measuring App Release Dynamics
1) App Developers
2) Single-Store and Multi-Store Apps
3) Overall Distribution of App Store Updates
3. App Store Malicious Behavior
1) Fake Apps 
2) Clone Apps
3) Unauthorized Apps
The triangle represents google play, and the box diagram represents the value of 16 Chinese app stores
4) Malware prevalence rate
Tool used VirusTotal
Angle 1: Overall results
Angle 2: Top 10 malware
Angle 3: How many of the malware are packaged
Angle 4: Distribution of Malware Families
Angle 5: Removal of Malware
