Code clone detection in obfuscated Android apps

The Android operating system has long become one of the main global smartphone operating systems. Both developers and malware authors often reuse code to expedite the process of creating new apps and malware samples. Code cloning is the most common way of reusing code in the process of developing Android apps. Finding code clones through the analysis of Android binary code is a challenging task that becomes more sophisticated when instances of code reuse are non-contiguous, reordered, or intertwined with other code. We introduce an approach for detecting cloned methods as well as small and non-contiguous code clones in obfuscated Android applications by simulating the execution of Android apps and then analyzing the subsequent execution traces. We first validate our approach’s ability on finding different types of code clones on 20 injected clones. Next we validate the resistance of our approach against obfuscation by comparing its results on a set of 1085 apps before and after code obfuscation. We obtain 78-87% similarity between the finding from non-obfuscated applications and four sets of obfuscated applications. We also investigated the presence of code clones among 1603 Android applications. We were able to find 44,776 code clones where 34% of code clones were seen from different applications and the rest are among different versions of an application. We also performed a comparative analysis between the clones found by our approach and the clones detected by Nicad on the source code of applications. Finally, we show a practical application of our approach for detecting variants of Android banking malware. Among 60,057 code clone clusters that are found among a dataset of banking malware, 92.9% of them were unique to one malware family or benign applications

The relationship between copyright and contract law

Contracts lie at the heart of the regulatory system governing the creation and dissemination of cultural products in two respects: (1) The exclusive rights provided by copyright law only turn into financial reward, and thus incentives to creators, through a contract with a third party to exploit protected material. (2) From a user perspective purchases of protected material may take the form of a licensing contract, governing behaviour after the initial transaction. Thus, a review of the relationship between copyright and contract law has to address both supply- and demand-side issues. On the supply side, policy concerns include whether copyright law delivers the often stated aim of securing the financial independence of creators. Particularly acute are the complaints by both creators and producers that they fail to benefit from the exponential increase in the availability of copyright materials on the Internet. On the demand side, the issue of copyright exceptions and their policy justification has become central to a number of reviews and consultations dealing with digital content. Are exceptions based on user needs or market failure? Do exceptions require financial compensation? Can exceptions be contracted out by licence agreements? This report (i) reviews economic theory of contracts, value chains and transaction costs, (ii) identifies a comprehensive range of regulatory options relating to creator and user contracts, using an international comparative approach, (iii) surveys the empirical evidence on the effects of regulatory intervention, and (iv) where no evidence is available, extrapolates predicted effects from theory

Music 2025 : The Music Data Dilemma: issues facing the music industry in improving data management

© Crown Copyright 2019Music 2025ʼ investigates the infrastructure issues around the management of digital data in an increasingly stream driven industry. The findings are the culmination of over 50 interviews with high profile music industry representatives across the sector and reflects key issues as well as areas of consensus and contrasting views. The findings reveal whilst there are great examples of data initiatives across the value chain, there are opportunities to improve efficiency and interoperability

Commodifying Consumer Data in the Era of the Internet of Things

Internet of Things (“IoT”) products generate a wealth of data about consumers that was never before widely and easily accessible to companies. Examples include biometric and health-related data, such as fingerprint patterns, heart rates, and calories burned. This Article explores the connection between the types of data generated by the IoT and the financial frameworks of Article 9 of the Uniform Commercial Code and the Bankruptcy Code. It critiques these regimes, which enable the commodification of consumer data, as well as laws aimed at protecting consumer data, such as the Bankruptcy Abuse Prevention and Consumer Protection Act, various state biometric data statutes, and the Health Insurance Portability and Accountability Act. This Article contends that in addition to privacy policies, financial frameworks can also play a critical role in facilitating the transfer and disclosure of consumer data in a manner that is opaque and potentially harmful to consumers. Furthermore, existing privacy frameworks that rely heavily on a notice and choice model and the provisions of a company’s privacy policy to determine the level of protection given to consumers, and which may not always apply to IoT companies, do not effectively safeguard consumers in the IoT setting. This Article proposes several solutions to engender movement away from an overreliance on the notice and choice model and the terms of privacy policies, and to reduce the various moments of data disclosure authorized by financial frameworks. It also offers ways to preserve the value of IoT data as a source of financing for companies while simultaneously protecting the privacy of consumers

Private Interests, Public Law, and Reconfigured Inequality in Modern Payment Card Networks

This Article examines two phenomena contributing to the racial stratification of consumers in credit card markets. The first phenomenon pertains to the longstanding conflict between card issuers and merchants over payment processing cost allocation. If successful, First Amendment challenges to existing statutory surcharge bans will allow merchants to impose an additional fee when consumers use credit cards as a form of payment. The Article relies on the interplay between socioeconomic class and behavioral theory to suggest subsistence borrowers would be more likely to pay surcharge fees than wealthier consumers. This arrangement disfavors the poor to support a hierarchy of borrowers, to the extent that income inequality continues to cleave along racial lines. The second phenomenon concerns algorithmic lending practices. Algorithmic lending practices use technology to effectively extend structural racism’s cumulative effects into the underwriting process. This Article argues that the algorithmic lending in modern credit card enrollment practices supports new and complex iterations of racial bias. Structural racism’s legacy married to modern data mining practices capture and compare the broad sweep of spending patterns among consumers with racially disparate spending power. Public law’s relationship to each of these two phenomena illustrates the government’s limited capacity to protect marginalized consumers from the racialized effects of cardholder stratification. The Article concludes by encouraging experts to refine underwriting practices to disentangle racism’s moral hazards from the legitimate business practice of equitable underwriting that determines a prospective borrower’s creditworthiness

Appraisal of Cashless Policy on the Nigerian Financial System

The Central Bank of Nigeria (CBN) has been active in the inauguration of policies and schemes to foster the implementation of the cashless policy in Nigeria. However the current transition to cashless economy raises a lot of concerns with no substantial evidence yet to justify its implementation. This study was carried out in order to appraise the implementation of the cashless policy since its introduction into the Nigerian financial system in 2012 and also to examine the persistent challenges facing its implementation. In view of the above stated objective, primary data were collected with the aid of the questionnaire, which was randomly administered to 120 respondents ranging from First Bank, Zenith Bank and United Bank for Africa. The banks were selected based on their total assets and the information collected covered the activities of the CBN and that of these banks towards implementation of the cashless policy from 2012 till date.The data collected were presented and analyzed with the aid of the Statistical Package for Social Sciences (SPSS) using descriptive statistics and one-sample t-test. The results led to the conclusion that despite the need to operate cashless transactions dominating the modern Nigerian economy, the cashless policy will have the desired impact only if a lot is done to ensure the implementation of an effective cashless system