| CPC H04L 63/1425 (2013.01) [G06F 16/16 (2019.01); H04M 1/72403 (2021.01)] | 23 Claims |
|
1. A system, comprising:
a processor configured to:
receive a set of repackaging fingerprints generated independently of a particular original application, wherein the set of repackaging fingerprints comprises a plurality of predetermined indicators of build-related structure, and wherein said build-related structure is independent of the particular original application's code structure;
receive a mobile application;
analyze the received mobile application for one or more indicators that the received mobile application is a repackaged version of the particular original application, using at least one repackaging fingerprint, including by determining whether the at least one repackaging fingerprint indicates that a repackaging tool was used as a component in generating the received mobile application, including by determining that a second string_data_off value in a string table, that occurs in the string table after a first string_data_off value in the string table, is smaller than the first string_data_off value; and
at least in part, in response to determining that string_data_off values included in the string table do not strictly increase, categorize the received mobile application as a repackaged application; and
a memory coupled to the processor and configured to provide the processor with instructions.
|