
piggybacked-detection

2020-02-05

Piggybacked App-Detection

Piggybacked apps are apps in which malicious code has been grafted onto a benign app before repackaging.
This command-line application classifies an Android app as piggybacked or not.

Dependencies

Running

Start the program by running main.py and passing the Android app as a command-line argument: the file name (if it is in the current directory) or its relative path.

python main.py sample.apk

Working

  • It first disassembles the app using Apktool.

  • It then parses all the smali files and builds a directed call graph of the functions in the app, where each edge originates from the calling method and points to the called method.

  • Based on a sensitive-API list, the call graph is divided into mutually exclusive sensitive-API sub-graphs, each consisting of one or more sensitive APIs and their neighbouring nodes within a depth of at most 3.

  • The sub-graph with the highest sensitive score (pre-calculated from the dataset) is selected, and features are extracted from it.

  • Finally, a Random Forest is used as the classification model.
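
An added sketch of the call-graph and sub-graph steps above (example code, not the project's own). The smali sample, the two-entry API list, treating "neighbouring" as direction-independent, and merging overlapping neighbourhoods to keep sub-graphs mutually exclusive are assumptions; scoring, feature extraction and the Random Forest are left out.

```python
import re
from collections import defaultdict, deque

CLASS_RE = re.compile(r"^\.class\s+.*?(L[^;\s]+;)\s*$")
METHOD_RE = re.compile(r"^\.method\s+.*?(\S+\(.*?\)\S+)\s*$")
INVOKE_RE = re.compile(r"^invoke-\S+\s+\{.*?\},\s*(\S+->\S+)")

def build_call_graph(smali_text):
    """Directed graph; each edge goes from the calling method to the called one."""
    graph, cls, caller = defaultdict(set), None, None
    for line in map(str.strip, smali_text.splitlines()):
        if m := CLASS_RE.match(line):
            cls = m.group(1)
        elif m := METHOD_RE.match(line):
            caller = f"{cls}->{m.group(1)}"
        elif caller and (m := INVOKE_RE.match(line)):
            graph[caller].add(m.group(1))
    return graph

def sensitive_subgraphs(graph, sensitive, depth=3):
    """Depth-limited neighbourhoods of sensitive APIs, merged when they overlap."""
    und = defaultdict(set)  # neighbours regardless of edge direction (assumption)
    for src, dsts in graph.items():
        for dst in dsts:
            und[src].add(dst)
            und[dst].add(src)
    groups = []
    for api in sorted(sensitive & und.keys()):
        seen, queue = {api}, deque([(api, 0)])
        while queue:  # breadth-first walk that stops expanding at `depth`
            node, d = queue.popleft()
            for nxt in (und[node] - seen if d < depth else ()):
                seen.add(nxt)
                queue.append((nxt, d + 1))
        seen = seen.union(*[g for g in groups if g & seen])  # absorb overlaps
        groups = [g for g in groups if not g & seen] + [seen]
    return groups

# Constructed sample input (not from a real app); the API list is illustrative.
DEV = "Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;"
LOC = "Landroid/location/LocationManager;->getProviders(Z)Ljava/util/List;"
SMALI = f"""
.class public Lcom/demo/Main;
.method public onCreate()V
    invoke-virtual {{v0, v1}}, {LOC}
.end method
.class public Lcom/x/Payload;
.method public run()V
    invoke-virtual {{v0}}, {DEV}
.end method"""
```

Calling sensitive_subgraphs(build_call_graph(SMALI), {DEV, LOC}) returns two disjoint node sets, one around each API; on real input the text would be the concatenated smali files from the Apktool output directory.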

