Malicious activities involving Android applications are rising rapidly. While purely technical protections may mitigate the attacks to some extent, we need to understand the underlying economic incentives to design the most effective defenses. In this talk, I will describe our project on investigating application plagiarism on Android markets at a large scale. As a first step, we characterize plagiarized applications and estimate their impact on the original application developers. We first crawled around 300,000 free applications from 18 Android markets around the world and ran a tool to identify similar applications ("clones"). Next, we captured live HTTP advertising traffic generated by mobile applications at a tier-1 US cellular carrier for 12 days. To correlate each Android application with its network traces, we extracted a unique advertising identifier, the client ID, from both the applications and their network traces. Based on the data, we examined properties of the cloned applications and how they affected the original developers.
We estimate a lower bound on the revenue that cloned applications siphon from the original developers, and the user base that cloned applications divert from the original applications. To the best of our knowledge, this is the first large-scale study on the characteristics of cloned applications and their impact on the original developers.
Hao Chen is an associate professor at the Department of Computer Science at the University of California, Davis. He received his Ph.D. at the Computer Science Division at the University of California, Berkeley in 2004. His interests are in computer security, particularly smartphone, wireless, and web security. He won the National Science Foundation CAREER award in 2007, and UC Davis College of Engineering Faculty Award in 2010.