Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild
نویسندگان
چکیده
Program code is a precious asset to its owner. Due to the easyto-reverse nature of Java, code protection for Android apps is of particular importance. To this end, code obfuscation is widely utilized by both legitimate app developers andmalware authors, which complicates the representation of source code or machine code in order to hinder the manual investigation and code analysis. Despite many previous studies focusing on the obfuscation techniques, however, our knowledge on how obfuscation is applied by realworld developers is still limited. In this paper, we seek to better understand Android obfuscation and depict a holistic view of the usage of obfuscation through a large-scale investigation in the wild. In particular, we focus on four popular obfuscation approaches: identifier renaming, string encryption, Java reflection, and packing. To obtain the meaningful statistical results, we designed efficient and lightweight detection models for each obfuscation technique and applied them to our massive APK datasets (collected from Google Play, multiple thirdparty markets, and malware databases). We have learned several interesting facts from the result. For example, malware authors use string encryption more frequently, and more apps on third-party markets than Google Play are packed. We are also interested in the explanation of each finding. Therefore we carry out in-depth code analysis on some Android apps after sampling. We believe our study will help developers select the most suitable obfuscation approach, and in the meantime help researchers improve code analysis systems in the right direction.
منابع مشابه
A Large Scale Investigation of Obfuscation Use in Google Play
Android applications are frequently plagiarized or maliciously repackaged, and soware obfuscation is a popular protection against these practices. In this study, we present the rst comprehensive analysis of the use and challenges of soware obfuscation in Android applications. We surveyed 308 Google Play developers about their experiences with obfuscation, nding that the free ProGuard sowar...
متن کاملA Large-Scale Empirical Study on the Effects of Code Obfuscations on Android Apps and Anti-Malware Products
The Android platform has been the dominant mobile platform in recent years resulting inmillions of apps and security threats against those apps. Anti-malware products aim to protect smartphone users from these threats, especially frommalicious apps. However, malware authors use code obfuscation on their apps to evade detection by anti-malware products. To assess the effects of code obfuscation ...
متن کاملAndroid Code Protection via Obfuscation Techniques: Past, Present and Future Directions
Mobile devices have become ubiquitous due to centralization of private user information, contacts, messages and multiple sensors. Google Android, an open-source mobile Operating System (OS), is currently the market leader. Android popularity has motivated the malware authors to employ set of cyber attacks leveraging code obfuscation techniques. Obfuscation is an action that modifies an applicat...
متن کاملOn the Effectiveness of Code-Reuse-Based Android Application Obfuscation
Attackers use reverse engineering techniques to gain detailed understanding of executable for malicious purposes, such as re-packaging an Android app to inject malicious code or advertising components. To make reverse engineering more difficult, researchers have proposed various code obfuscation techniques to conceal purposes or logic of code segments. One interesting idea of code obfuscation i...
متن کاملADAM: An Automatic and Extensible Platform to Stress Test Android Anti-virus Systems
With the rising threat of smartphone malware, both academic community and commercial anti-virus companies proposed many methodologies and products to defend against smartphone malware. Thus, how to assess the effectiveness of these defense mechanisms against existing and unknown malware becomes important. We propose ADAM, an automated and extensible system that can evaluate, via large-scale str...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1801.01633 شماره
صفحات -
تاریخ انتشار 2018