
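Graduate student: 洪淑玲 (Hung, Shu-Ling)
Thesis title: A VNC-Based System of Copyright Protection for Android Apps (基於虛擬網路運算之Android App版權保護系統)
Advisor: 孫宏民
Oral defense committee: 曾文貴, 許富皓
Degree: Master
Department: College of Electrical Engineering and Computer Science - Institute of Information Systems and Applications
Year of publication: 2013
Academic year of graduation: 101
Language: English
Number of pages: 46
Keywords (Chinese): Virtual Network Computing, Remote Control, Copyright Protection, Android App, App Piracy
Keywords (English): Virtual Network Computing, Remote Control, Copyright Protection, Android App, app piracy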
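    As a growing share of mobile devices run the Android platform and the number of Android apps being developed grows rapidly, the security of Android apps has drawn considerable attention. Many experts and scholars point out that Android app piracy is a particularly thorny problem; common forms of app piracy include illegal access to paid apps and arbitrary distribution of repackaged counterfeit apps. Recently, the solutions most commonly proposed in research on app piracy have centered on app access control as the means of achieving copyright protection. However, with the many Android decompilation techniques available, an app's design architecture and source code can be exposed and modified, so paid apps that have been downloaded in large numbers may still be plagiarized and shared.
    This research system therefore tries to satisfy two requirements: authenticating legitimate users and restricting access to APK file resources. The solution to the former is to require buyers to register their order information and to verify the authorized authenticator before each execution of the app; the latter uses Virtual Network Computing technology to implement remote control of the core app running on a virtual machine on the server side. The research also strengthens related system security protections, such as effective management of access permissions on server-side APK files, secure network connections, data confidentiality, and raising the difficulty of disassembling the app. This research can therefore solve the app piracy problems described above and provides a sound copyright protection system for Android apps.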


    As Android increases its market share across mobile devices and the number of apps grows, the issue of app security becomes more important than ever. Many researchers point out that app piracy is a troublesome problem. Two common examples are illegal access to paid apps and dissemination of plagiarized paid apps. Recently, many studies have proposed approaches to copyright protection for Android apps that focus on app access control. However, through Android reverse engineering, a great number of popular paid apps have had their design architecture and even source code uncovered, so they are likely to be repackaged and shared easily.
    Thus, our system tries to address both requirements: authentication of legal users and restrictions on APK files. For the former, purchasers register their order information, and the system validates the distributed tokens before each execution. The latter is based on Virtual Network Computing (VNC), which allows mobile clients to remotely control core apps running on the server. In addition, our implementation strengthens system security in areas such as APK management, secure network connections, data confidentiality and anti-reverse engineering. Therefore, this research can solve the foregoing problem and provide a sound system to fulfill the goal of copyright protection for Android apps.

    Table of Contents
    List of Figures
    List of Tables
    Chapter 1 Introduction
        1.1 Motivation
        1.2 Organization
    Chapter 2 Background
        2.1 Android Architecture
        2.2 Android Reverse Engineer
        2.3 Virtual Network Computing (VNC)
    Chapter 3 Related Work
        3.1 Reverse Engineer Android Apps with Virtual Machine
        3.1 Copyright Protection for Android App
        3.2 VNC Application on Android Devices
    Chapter 4 System Design
        4.1 Design Requirements and Limitations
        4.2 Architecture Overview
            4.2.1 User Authentication
            4.2.2 Virtual Machine Management
            4.2.3 Remote Control App by VNC Connection
    Chapter 5 Implementation and Experiments
        5.1 Environment Setting
            5.1.1 Network Configuration
            5.1.2 Host Server Setup
            5.1.3 VNC Establishment
        5.2 Experiment Results
            5.2.1 Device Preparation
            5.2.2 Remote Control by VNC
            5.2.3 Scenario Test
    Chapter 6 Security Analysis and Discussion
        6.1 Security Analysis
        6.2 Performance Discussion
    Chapter 7 Conclusion and Future Work
        7.1 Conclusion
        7.2 Future Work
    Bibliography


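    Full-text release date: this full text is not authorized for public release (on-campus network)
    Full-text release date: this full text is not authorized for public release (off-campus network)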
