Full Text

Abstract

With expanding use of smartphones, smartphone app piracy has grown more widespread. However, existing licensing services are not effective for protecting copyright of apps because they can be cracked. We present a new approach to protect copyright of apps. This approach blocks execution of pirated apps using dynamic loading and integrity checking. An app is comprised of two parts: an Incomplete Main Application (IMA) and Separate Essential Class (SEC). Both parts are registered to market server. If a user buys and installs an app, only its IMA is downloaded to the user's smartphone. When the user first execute the app's IMA, the market server authenticates the user, encrypts the app's SEC, and sends the encrypted SEC to the user's smartphone with its MD5 hash. The downloaded SEC is decrypted and stored in secure space on the smartphone. The SEC, then, is loaded dynamically into the app's address space and the app is successfully executed. To make apps more temper-proof, the stub ensures the integrity of the SEC by comparing MD5 hash whenever the app executes. Although the app's IMA can be pirated, without the SEC the app cannot be successfully executed. We verify effectiveness of the approach using experiments and show the approach incurs an acceptable overhead. Key Words: Android App, Integrity Check, Dynamic Execution, MD5, Secure Space.

1. Introduction

The growth of the mobile applications market is hampered by software piracy. According to MobileSoftwareWorld.com, in 2010 smartphone software developers lost around 70% in potential revenues. This means that almost three out of four, mobile applications are downloaded without payment

In 2011, it is estimated that over half of all iOS applications are pirated and that over 70% of all Android applications are pirated [1]. Android's serious piracy problem costs developers big money. On August 02, 2010, Business insider (businessinsider.com) reported that 97% of the game's users in Asia were playing an illegal copy and the piracy rate was 43% in North America. Especially, the Android environment suffers most from piracy.

Secure anti-piracy measures and advanced security technologies are virtually non-existent on mobile platforms, making apps developed on them easy targets.

To address the copy protection problem, some services have been provided to protect smartphone applications from illegal copy [2, 3, 4]. Google offers...