Detecting plagiarized mobile apps using API birthmarks

Daeyoung Kim, Amruta Gokhale, Vinod Ganapathy, Abhinav Srivastava

Research output: Contribution to journalArticlepeer-review

11 Scopus citations


This paper addresses the problem of detecting plagiarized mobile apps. Plagiarism is the practice of building mobile apps by reusing code from other apps without the consent of the corresponding app developers. Recent studies on third-party app markets have suggested that plagiarized apps are an important vehicle for malware delivery on mobile phones. Malware authors repackage official versions of apps with malicious functionality, and distribute them for free via these third-party app markets. An effective technique to detect app plagiarism can therefore help identify malicious apps. Code plagiarism has long been a problem and a number of code similarity detectors have been developed over the years to detect plagiarism. In this paper we show that obfuscation techniques can be used to easily defeat similarity detectors that rely solely on statically scanning the code of an app. We propose a dynamic technique to detect plagiarized apps that works by observing the interaction of an app with the underlying mobile platform via its API invocations. We propose API birthmarks to characterize unique app behaviors, and develop a robust plagiarism detection tool using API birthmarks.

Original languageEnglish
Pages (from-to)591-618
Number of pages28
JournalAutomated Software Engineering
Issue number4
StatePublished - 1 Dec 2016


  • API birthmarks
  • Mobile apps
  • Plagiarism


Dive into the research topics of 'Detecting plagiarized mobile apps using API birthmarks'. Together they form a unique fingerprint.

Cite this