DexPro: A Bytecode Level Code Protection System for Android Applications

Tang, Zhanyong; Li, Zhen; Song, Lina; Gong, Xiaoqing; Fang, Dingyi; Liu, Fangyuan; Wang, Zheng

doi:10.1007/978-3-319-69471-9_27

Cited by 5 publications

(1 citation statement)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, at runtime, decrypted files are loaded in memory and can be tracked from a dynamic analyzer. Dexpro [44] can confuse the flow of register data and combines opaque predicates to make it difficult to understand the control flow. Fundamentally, the control flow is obfuscated by inserting dummy code or by switching codes.…”

Section: Related Workmentioning

confidence: 99%

Automated Multi-Layered Bytecode Generation for Preventing Sensitive Information Leaks From Android Applications

et al. 2021

View full text Add to dashboard Cite

Sensitive information leakages from applications are a critical issue in the Android ecosystem. Despite the advance of techniques to secure applications such as packing and obfuscation, a lot of applications are still under the threat of repackaging attacks that inject malicious code and redistribute applications. Also, as we are becoming more dependent on mobile technologies, more sensitive information is used on our mobile devices. Hence, it is of great importance to reduce the risk of such sensitive information leaks. In this paper, we first present a threat model that attempts to leak users' sensitive information by using the repackaging attack, named ReMaCi attack. By analyzing the top 8,546 applications downloaded from Google Play Store, we show that 50% of them are really vulnerable to the ReMaCi attack. We, thus, propose a novel, automated static anti-analysis tool, called AmpDroid, for preventing sensitive information leaks. AmpDroid identifies sensitive dataflows and isolates the code that handles the sensitive data from an application. To demonstrate the effectiveness of AmpDroid, we perform the security and performance evaluation of AmpDroid, comparing it with other obfuscation tools.

show abstract

Section: Related Workmentioning

confidence: 99%

Automated Multi-Layered Bytecode Generation for Preventing Sensitive Information Leaks From Android Applications

et al. 2021

View full text Add to dashboard Cite

show abstract

Exploiting Binary-Level Code Virtualization to Protect Android Applications Against App Repackaging

Yuan

et al. 2019

IEEE Access

View full text Add to dashboard Cite

Application repackaging is a severe problem for Android systems. Many Android malware programs pass the mobile platform fundamental security barriers through repackaging other legitimate apps. Most of the existing anti-repackaging schemes only work at the Android DEX bytecode level, but not for the shared object files consisting of native ARM-based machine instructions. Lacking the protection at the native machine code level opens a door for attackers to launch repackaging attacks on the shared libraries that are commonly used on Android apps. This paper presents CodeCloak, a novel anti-repackaging system to protect Android apps at the native code level. CodeCloak employs binary-level code virtualization techniques to protect the target application. At the native machine code level, it uses a newly designed stack-based virtualization structure to obfuscate and protect critical algorithm implementations that have been compiled into native instructions. It leverages multiple dynamic code protection schemes to increase the diversity of the program behavior at runtime, aiming to increase the difficulties for performing code reverse engineering. We evaluate CodeCloak under typical app repackaging scenarios. Experimental results show that CodeCloak can effectively protect apps against repackaging attacks at the cost of minimum overhead.INDEX TERMS Android code protection, code obfuscation, app repackaging, code virtulization. I. INTRODUCTIONApplication repackaging is a prevalent and severe threat to the Android ecosystem. With the help of dynamic profiling and reverse engineering tools, an attacker can unpack an app, replace and insert code to, e.g., remove advertisements, steal privacy information, or make purchases without the user's authorization [1]. A prior study shows that over 80% of the malware samples were implemented through repacking legitimate apps [2]. Therefore, there is a critical need to protect Android apps from repackaging attacks.The associate editor coordinating the review of this article and approving it for publication was Bora Onat.

show abstract