Measuring similarity of android applications via reversing and K-gram birthmarking

By measuring similarity of programs, we can determine whether someone illegally copies a program from another program or not. If the similarity is significantly high, it means that a program is a copy of the other. This paper proposes three techniques to measure similarity of the Dalvik executable codes (DEXs) in the Android application Packages (APKs). Firstly, we decompile the DEXs of candidate applications into Java sources and compute the similarity between the decompiled sources. Secondly, candidate DEXs are disassembled and the similarities between disassembled codes are measured. Finally, we extract k-gram based software birthmark form the dissembled codes and calculate the similarity of sample DEXs by comparing the extracted birthmarks. We perform several experiments to identify effects of the three techniques. With the analysis of the experimental results, the advantages and disadvantages of each technique are discussed.