Trend Micro have an interesting recent article on repackaged Android apps: apps that have been downloaded, reverse engineered, modified and re-uploaded to app stores to look like the original app. Modifications often include malware to capture private data and/or generate income from advertisements. Trend Micro found that nearly 80% of the top 50 free apps on the Play Store had bogus versions.
This is not to say apps downloaded from the Play Store are likely to be repackaged. Trend Micro said none of the bogus versions were found on the Play Store; they were instead on third-party stores.
Nevertheless, it’s a problem if you are a developer or stakeholder of an app. Someone is using your IP to generate income and/or infect people who might eventually blame you. You will also end up providing support for those bogus apps. I have some further information if you wish to make your app more difficult to reverse-engineer.