Abstract
With about 80 % of the market share, Android is currently the clearly dominant platform for mobile devices. Application theft and repackaging remain a major threat and a cause of significant losses, affecting as much as 97 % of popular paid apps. The ease of decompilation and reverse engineering of high-level bytecode, in contrast to native binary code, is considered one of the main reasons for the high piracy rate. In this paper, we address this problem by proposing four static obfuscation techniques: native opaque predicates, native control flow flattening, native function indirection, and native field access indirection. These techniques provide a simple yet effective way of reducing the task of bytecode reverse engineering to the much harder task of reverse engineering native code. For this purpose, native function calls are injected into an app's bytecode, introducing artificial dependencies between the two execution domains. The adversary is forced to analyze the native code in order to comprehend the app's overall functionality and to successfully launch static and dynamic analyses. Our evaluation of the proposed protection methods shows an acceptable cost in terms of execution time and application size, while the methods significantly complicate the reverse-engineering process.
Acknowledgments
The research leading to these results was supported by the “Bavarian State Ministry of Education, Science and the Arts” as part of the FORSEC research association.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Protsenko, M., Müller, T. (2015). Protecting Android Apps Against Reverse Engineering by the Use of the Native Code. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science, vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_8
DOI: https://doi.org/10.1007/978-3-319-22906-5_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22905-8
Online ISBN: 978-3-319-22906-5
eBook Packages: Computer Science, Computer Science (R0)