Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

Dong, Shuaike; Li, Menghao; Diao, Wenrui; Liu, Xiangyu; Liu, Jian; Li, Zhou; Xu, Fenghao; Chen, Kai; Wang, Xiaofeng; Zhang, Kehuan

doi:10.1007/978-3-030-01701-9_10

Cited by 72 publications

(56 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, in a pre-print concurrent with our work, Dong et al also investigate the use of obfuscation in the Android ecosystem [16]. While that work is solely focused on technical measurements of obfuscation (similar in focus to our Sections 3 and 4), our research works with the developers responsible for obfuscation to determine the root causes of why apps are or are not obfuscated.…”

Section: Related Workmentioning

confidence: 95%

A Large Scale Investigation of Obfuscation Use in Google Play

Wermke

Huaman

Acar

et al. 2018

Proceedings of the 34th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Android applications are frequently plagiarized or repackaged, and software obfuscation is a recommended protection against these practices. However, there is very little data on the overall rates of app obfuscation, the techniques used, or factors that lead to developers to choose to obfuscate their apps. In this paper, we present the first comprehensive analysis of the use of and challenges to software obfuscation in Android applications. We analyzed 1.7 million free Android apps from Google Play to detect various obfuscation techniques, finding that only 24.92% of apps are obfuscated by the developer. To better understand this rate of obfuscation, we surveyed 308 Google Play developers about their experiences and attitudes about obfuscation. We found that while developers feel that apps in general are at risk of plagiarism, they do not fear theft of their own apps. Developers also self-report difficulties applying obfuscation for their own apps. To better understand this, we conducted a follow-up study where the vast majority of 70 participants failed to obfuscate a realistic sample app even while many mistakenly believed they had been successful. Our findings show that more work is needed to make obfuscation tools more usable, to educate developers on the risk of their apps being reverse engineered, their intellectual property stolen, their apps being repackaged and redistributed as malware and to improve the health of the overall Android ecosystem.

show abstract

Section: Related Workmentioning

confidence: 95%

A Large Scale Investigation of Obfuscation Use in Google Play

Wermke

Huaman

Acar

et al. 2018

Proceedings of the 34th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

show abstract

“…We manually investigate the activity names and observe that most of activity names have semantic meanings. However, Android obfuscation techniques are often used in Google Play apps to protect their security [49]. The activity names will be translated to simple words like "a," "b," and "c," totally losing their practical semantic meanings.…”

Section: Semantic Name Inferringmentioning

confidence: 99%

StoryDroid: Automated Generation of Storyboard for Android Apps

Chen

Fan

Chen

et al. 2019

2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE)

View full text Add to dashboard Cite

Mobile apps are now ubiquitous. Before developing a new app, the development team usually endeavors painstaking efforts to review many existing apps with similar purposes. The review process is crucial in the sense that it reduces market risks and provides inspiration for app development. However, manual exploration of hundreds of existing apps by different roles (e.g., product manager, UI/UX designer, developer) in a development team can be ineffective. For example, it is difficult to completely explore all the functionalities of the app in a short period of time. Inspired by the conception of storyboard in movie production, we propose a system, StoryDroid, to automatically generate the storyboard for Android apps, and assist different roles to review apps efficiently. Specifically, StoryDroid extracts the activity transition graph and leverages static analysis techniques to render UI pages to visualize the storyboard with the rendered pages. The mapping relations between UI pages and the corresponding implementation code (e.g., layout code, activity code, and method hierarchy) are also provided to users. Our comprehensive experiments unveil that StoryDroid is effective and indeed useful to assist app development. The outputs of StoryDroid enable several potential applications, such as the recommendation of UI design and layout code.

show abstract

“…PackedApps. We obtained this dataset from Dong et al, [11] which consists of 1,500 and 1,371 packedoriginal APK wrapped in another APK-benign and malicious APKs, respectively.…”

Section: Dataset In Usementioning

confidence: 99%

“…To reduce the resource required in performing dynamic analysis, a large body of works [23,4,8] perform static code analysis to detect malware component in Android apps. However, due recent development in obfuscation techniques and malware developers' affinity to obfuscate their apps [11], static analysis of Android malware apps is an active research topic. CrowDroid [7] performed dynamic analysis apps network traces to detect malware activities of Android apps.…”

Section: Related Workmentioning

confidence: 99%

DaDiDroid: An Obfuscation Resilient Tool for Detecting Android Malware via Weighted Directed Call Graph Modelling

Ikram

Beaume

Kâafar

2019

Proceedings of the 16th International Joint Conference on E-Business and Telecommunications

View full text Add to dashboard Cite

With the number of new mobile malware instances increasing by over 50% annually since 2012 [25], malware embedding in mobile apps is arguably one of the most serious security issues mobile platforms are exposed to. While obfuscation techniques are successfully used to protect the intellectual property of apps' developers, they are unfortunately also often used by cybercriminals to hide malicious content inside mobile apps and to deceive malware detection tools. As a consequence, most of mobile malware detection approaches fail in differentiating between benign and obfuscated malicious apps. We examine the graph features of mobile apps code by building weighted directed graphs of the API calls, and verify that malicious apps often share structural similarities that can be used to differentiate them from benign apps, even under a heavily "polluted" training set where a large majority of the apps are obfuscated. We present DaDiDroid an Android malware app detection tool that leverages features of the weighted directed graphs of API calls to detect the presence of malware code in (obfuscated) Android apps. We show that DaDiDroid significantly outperforms MaMaDroid [24], a recently proposed malware detection tool that has been proven very efficient in detecting malware in a clean nonobfuscated environment. We evaluate DaDiDroid's accuracy and robustness against several evasion techniques using various datasets for a total of 43,262 benign and 20,431 malware apps. We show that DaDiDroid correctly labels up to 96% of Android malware samples, while achieving an 91% accuracy with an exclusive use of a training set of obfuscated apps.

show abstract

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

Cited by 72 publications

References 27 publications

A Large Scale Investigation of Obfuscation Use in Google Play

A Large Scale Investigation of Obfuscation Use in Google Play

StoryDroid: Automated Generation of Storyboard for Android Apps

DaDiDroid: An Obfuscation Resilient Tool for Detecting Android Malware via Weighted Directed Call Graph Modelling

Contact Info

Product

Resources

About