Repadiography: Towards a visual support for triaging repackaged ApPs

App repackaging is a method for conveying malicious or disturbing code, consisting in decompiling an existing app, adding third party code, recompiling the resulting app and distributing it on marketplaces. Recent studies claim that repackaged apps populate both third party and official marketplaces. Solutions for detecting repackaging have been proposed in the literature but few efforts have been devoted to support the triaging activities. The triage is a preliminary automatic analysis aimed at minimizing the time an analyst spends examining potentially harmful applications. Given the high volumes of apps published on the marketplaces and the high speed of production and diffusion of apps, analysts need effective means for accelerating the triaging phase. For this reason, we propose a solution for visually comparing a legitimate app with a repackaged one, and allowing the analyst to immediately locate and quantify the impact of repackaging on the original app’s code.