A large-scale study on the adoption of anti-debugging and anti-tampering protections in android apps

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Journal of Information Security and Applications Pub Date : 2020-06-01 DOI:10.1016/j.jisa.2020.102463

Stefano Berlato , Mariano Ceccato

{"title":"A large-scale study on the adoption of anti-debugging and anti-tampering protections in android apps","authors":"Stefano Berlato , Mariano Ceccato","doi":"10.1016/j.jisa.2020.102463","DOIUrl":null,"url":null,"abstract":"<div>Android apps are subject to malicious reverse engineering and code tampering for many reasons, like premium features unlocking and malware piggybacking. Scientific literature and practitioners proposed several Anti-Debugging and Anti-Tampering protections, readily implementable by app developers, to empower Android apps to react against malicious reverse engineering actively. However, the extent to which Android app developers deploy these protections is not known.In this paper, we describe a large-scale study on Android apps to quantify the practical adoption of Anti-Debugging and Anti-Tampering protections. We analyzed 14,173 apps from 2015 and 23,610 apps from 2019 from the Google Play Store. Our analysis shows that 59% of these apps implement neither Anti-Debugging nor Anti-Tampering protections. Moreover, half of the remaining apps deploy only one protection, not exploiting the variety of available protections. We also observe that app developers prefer Java to Native protections by a ratio of 99 to 1. Finally, we note that apps in 2019 employ more protections against reverse engineering than apps in 2015.</div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"52 ","pages":"Article 102463"},"PeriodicalIF":3.7000,"publicationDate":"2020-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.jisa.2020.102463","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212619305976","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 18

Abstract

Android apps are subject to malicious reverse engineering and code tampering for many reasons, like premium features unlocking and malware piggybacking. Scientific literature and practitioners proposed several Anti-Debugging and Anti-Tampering protections, readily implementable by app developers, to empower Android apps to react against malicious reverse engineering actively. However, the extent to which Android app developers deploy these protections is not known.

In this paper, we describe a large-scale study on Android apps to quantify the practical adoption of Anti-Debugging and Anti-Tampering protections. We analyzed 14,173 apps from 2015 and 23,610 apps from 2019 from the Google Play Store. Our analysis shows that 59% of these apps implement neither Anti-Debugging nor Anti-Tampering protections. Moreover, half of the remaining apps deploy only one protection, not exploiting the variety of available protections. We also observe that app developers prefer Java to Native protections by a ratio of 99 to 1. Finally, we note that apps in 2019 employ more protections against reverse engineering than apps in 2015.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

android应用中采用防调试和防篡改保护的大规模研究

Android应用容易受到恶意逆向工程和代码篡改的影响，原因有很多，比如高级功能解锁和恶意软件搭载。科学文献和实践者提出了几个反调试和反篡改保护，应用程序开发人员很容易实现，使Android应用程序能够主动应对恶意逆向工程。然而，Android应用程序开发人员部署这些保护措施的程度尚不清楚。在本文中，我们描述了一项针对Android应用程序的大规模研究，以量化反调试和反篡改保护的实际采用情况。我们分析了2015年的14173款应用和2019年的23610款应用。我们的分析显示，59%的这些应用程序既没有实施反调试也没有实施反篡改保护。此外，剩下的一半应用程序只部署了一种保护措施，没有利用各种可用的保护措施。我们还观察到，相对于原生保护，应用开发者更喜欢Java的比例是99比1。最后，我们注意到2019年的应用程序比2015年的应用程序采用了更多的反逆向工程保护措施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.