Apps repackaged through reverse engineering pose a significant security threat to the Android smart phone ecosystem. Previous solutions have mostly focused on the detection and identification of repackaged apps. Nevertheless, current app anti-repackaging services can only protect applications at a coarse level and have significant performance overhead. These approaches can neither meet the performance requirements of Android nor achieve fine-grained protection against cumulative attack at the same time. Specifically, these solutions rely on a
fix-structure detecting engine and then will execute the same path at different times, which lead to the whole protection performs poorly when faced with dynamic cumulative attack, which is
typical in real-world attack.

This paper introduces the AppIS, a reinforced antirepackaging immune system, that is robust to app-repackaging attack scenarios. Unlike past work, which mostly focuses on simple protection only from just one respect, our design exploits an interlocking guarding net with time diversity for the tamperproofing of Android applications. The intuition underlying our design is that a dynamic and static combining method can provide a multi-level protection for the codes, core algorithm and sensitive data. We analyze and classify the existing threats on Android platform and furthermore abstract then model the repackaging attack scenarios. We then adapt a random controller used by the dispatcher to randomly construct guarding net with different structure every time. We have built a prototype of our design using Java Native Interface cross-layer calling mechanism for performance requirement. Results from a deployment of AppIS on three kinds of popular apps demonstrate that the new design can prevent our apps from cumulative attack without extra performance cost.