Android Application Protection against Static Reverse Engineering based on Multidexing
نویسندگان
چکیده
DEX files are executable files of Android applications. Since DEX files are in the format of Java bytecodes, their Java source codes can be easily obtained using static reverse engineering tools. This results in numerous Android application thefts. There are some tools (e.g. bangcle, ijiami, liapp) that protect Android applications against static reverse engineering utilizing dynamic code loading. These tools usually encrypt classes.dex in an APK file. When the application is launched, the encrypted classes.dex file is decrypted and dynamically loaded. However, these tools fail to protect multidex APKs, which include more than one DEX files (classes2.dex, classes3.dex, ...) to accommodate large-sized execution codes. In this paper, we propose a technique that protects multidex Android applications against static reverse engineering. The technique can encrypt/decrypt multiple DEX files in APK files and dynamically load them. The experimental results show that the proposed technique can effiectively protect multidex APKs.
منابع مشابه
An Android Application Protection Scheme against Dynamic Reverse Engineering Attacks
Reverse engineering of Android applications is easy because the applications are written in the high level but simple bytecode language. Due to malicious reverse engineering attacks, many Android applications are tampered and repackaged into malicious applications. To protect Android applications from reverse engineering, many research studies have proposed and developed anti-reverse engineerin...
متن کاملMalicious Behavior Monitoring for Android Applications
Android, as a modern popular open source mobile platform, makes its security issues more prominent, especially in user privacy leakage. In this paper, we proposed a twostep model which combines static and dynamic analysis approaches. During the static analysis, permission combination matrix is used to determine whether an application has potential risks. For those suspicious applications, based...
متن کاملSecuring Android Code Using White Box Cryptography and Obfuscation Techniques
Code obfuscation is a set of program transformations that make program code and program execution difficult to analyze. First of all, obfuscation hinders manual inspection of program internals. By renaming variables and functions, and breaking down structures, it protects against reverse-engineering. It protects both storage and usage of keys, and it can hide certain properties such as a softwa...
متن کاملANDRIU. A Technique for Migrating Graphical User Interfaces to Android (S)
Nowadays, pervasive environments force maintainers to provide agile solutions for migrating legacy information systems to mobile applications. While business knowledge can be easily reused in tier-based modularized systems, the migration of user interface tiers to a mobile application entails a bigger (but usually ignored) challenge. This paper presents AndrIU, a reverse engineering tool based ...
متن کاملMobile App Security Analysis with the MAVeriC Static Analysis Module
The success of the mobile application model is mostly due to the ease with which new applications are uploaded by developers, distributed through the application markets (e.g. Google Play), and installed by users. Yet, the very same model is cause of serious security concerns, since users have no or little means to ascertain the trustworthiness of the applications they install on their devices....
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- J. Internet Serv. Inf. Secur.
دوره 6 شماره
صفحات -
تاریخ انتشار 2016