Repackaging attack is a very common type of attacks on Android devices.
In such an attack, attackers modify a popular app downloaded from app
markets, reverse engineer the app, add some malicious payloads, and then
upload the modified app to app markets. Users can be easily fooled, because
it is hard to notice the difference between the modified app and the
original app. Once the modified apps are installed, the malicious code
inside can conduct attacks, usually in the background.
For example, in March 2011, it was found that DroidDream Trojan had
been embedded into more than 50 apps in Android official market and had
infected many users. DroidDream Trojan exploits vulnerabilities in Android
to gain the root access on the device.
The learning objective of this lab is for students to gain a first-hand experience in Android repackaging attack, so they can better understand this particular risk associated with Android systems, and be more cautious when downloading apps to their devices, especially from those untrusted third-party markets. In this lab, students will be asked to conduct a simple repackage attack on a selected app, and demonstrate the attack only on our provided Android VM. Students should be warned not to submit their repackaged apps to any market, or they will face legal consequence. Nor should they run the attack on their own Android devices, as that may cause real damages.
| Please give us your feedback on this lab using this feedback form. | |
| The SEED Labs project is open source. If you are interested in contributing to this project, please check out our Github page: https://github.com/seed-labs/seed-labs. |