Dynamic Self-Protection and Tamperproofing for Android Apps Using Native Code

2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI:10.1109/ARES.2015.98

Mykola Protsenko, Sebastien Kreuter, Tilo Müller

{"title":"Dynamic Self-Protection and Tamperproofing for Android Apps Using Native Code","authors":"Mykola Protsenko, Sebastien Kreuter, Tilo Müller","doi":"10.1109/ARES.2015.98","DOIUrl":null,"url":null,"abstract":"With over one billion sold devices, representing 80% market share, Android remains the most popular platform for mobile devices. Application piracy on this platform is a major concern and a cause of significant losses: about 97% of the top 100 paid apps were found to be hacked in terms of repackaging or the distribution of clones. Therefore new and stronger methods aiming to increase the burden on reverse engineering and modification of proprietary mobile software are required. In this paper, we propose an application of the Android native code component to implement strong software self-protection for apps. Within this scope, we present three dynamic obfuscation techniques, namely dynamic code loading, dynamic re-encryption, and tamper proofing. We provide a practical evaluation of this approach, assessing both the cost and efficiency of its achieved protection level. Our results indicate that with the proposed methods one can reach significant complication of the reverse-engineering process, while being affordable in terms of execution time and application size.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"27","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 10th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2015.98","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 27

Abstract

With over one billion sold devices, representing 80% market share, Android remains the most popular platform for mobile devices. Application piracy on this platform is a major concern and a cause of significant losses: about 97% of the top 100 paid apps were found to be hacked in terms of repackaging or the distribution of clones. Therefore new and stronger methods aiming to increase the burden on reverse engineering and modification of proprietary mobile software are required. In this paper, we propose an application of the Android native code component to implement strong software self-protection for apps. Within this scope, we present three dynamic obfuscation techniques, namely dynamic code loading, dynamic re-encryption, and tamper proofing. We provide a practical evaluation of this approach, assessing both the cost and efficiency of its achieved protection level. Our results indicate that with the proposed methods one can reach significant complication of the reverse-engineering process, while being affordable in terms of execution time and application size.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Android应用的动态自我保护和防篡改

拥有超过10亿台设备，占80%的市场份额，Android仍然是最受欢迎的移动设备平台。这个平台上的应用盗版是一个主要问题，也是造成重大损失的原因:在排名前100的付费应用中，约有97%被发现通过重新包装或复制分发而遭到黑客攻击。因此，需要新的和更强大的方法来增加逆向工程和修改专有移动软件的负担。在本文中，我们提出了一个应用Android原生代码组件来实现应用程序强大的软件自我保护。在这个范围内，我们提出了三种动态混淆技术，即动态代码加载、动态重新加密和防篡改。我们对这种方法进行了实际的评估，评估了其达到的保护水平的成本和效率。我们的结果表明，使用所提出的方法可以达到逆向工程过程的显著复杂性，同时在执行时间和应用程序大小方面是可以承受的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2015 10th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量