A set of repackaging fingerprints generated independently of a particular original application is received. The set of repackaging fingerprints comprises a plurality of predetermined indicators of build-related structure that is independent of the particular original application's code structure. A mobile application is received. The received mobile application is analyzed for one or more indicators that the received mobile application is a repackaged version of the particular original application, using at least one repackaging fingerprint. In response to a result of the analysis, the received mobile application is categorized as a repackaged application.