short-paper

A Cloud-Based Compilation and Hardening Platform for Android Apps

Authors:

Mykolai Protsenko,

Tilo MüllerAuthors Info & Claims

ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security

Article No.: 37, Pages 1 - 6

https://doi.org/10.1145/3098954.3098959

Published: 29 August 2017 Publication History

Abstract

Software piracy in general and repackaged apps with attached malware in particular pose serious threats for the Android ecosystem. In this paper, we present a cloud-compilation approach enabling sophisticated hardening of apps for non-rooted stock Android. Our design is based on off-device ahead-of-time compilation made possible by the Android Runtime (ART). Due to an installer-stub-based second-stage delivery, we stay compatible to established app store distribution processes. We argue with a significant gain in security for our approach, since an adversary's toolbox is usually aimed at exploiting the type-information-rich bytecode shipped with apps, which is stripped to a large extent and almost entirely useless for reverse engineering attacks. We confirm the gain in security by comparing the output of popular reverse engineering tools for original and stripped versions of 695 real-world apps in our test set. In average 81.5 % of an app's bytecode is no longer of use to reverse engineers. Complementing existing protection approaches, we propose a platform that can integrate bytecode-targeting protection solutions and offers binary-targeting hooks to incorporate advanced protection measures for ahead-of-time compiled apps. Our evaluation shows a negligible performance impact at runtime and demonstrates the approach's compatibility on our test set.

References

[1]

Michael Backes, Sven Bugiel, Oliver Schranz, Philipp Styp-Rekowsky von, and Sebastian Weisgerber. 2017. ARTist: The Android Runtime Instrumentation and Security Toolkit. In Proc. of the 2nd IEEE European Symposium on Security and Privacy (Euro S&P '17) (2017-04-26).

[2]

Alexandre Bartel, Jacques Klein, Yves Le Traon, and Martin Monperrus. 2012. Dexpler: converting Android Dalvik bytecode to Jimple for static analysis with Soot. In Proc. of the ACM SIGPLAN Int. Workshop on State of the Art in Java Program analysis, SOAP 2012, Beijing, China, June 14, 2012. 27--38.

Digital Library

[3]

Anestis Bechtsoudis. 2015. Fuzzing Objects d'ART: Digging Into the New Android L Runtime Internals. (2015). http://census-labs.com/media/Fuzzing_Objects_d_ART_hitbsecconf2015ams_WP.pdf. Accessed: 2016-10-31.

[4]

Christian Collberg, Clark Thomborson, and Douglas Low. 1997. A taxonomy of obfuscating transformations. Technical Report. Department of Computer Science, Univ. of Auckland, New Zealand.

[5]

Christian S. Collberg and Clark D. Thomborson. 2002. Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection. IEEE Trans. Software Eng. 28, 8 (2002), 735--746.

Digital Library

[6]

Anthony Desnos and Geoffroy Gueguen. 2011. Android: From reversing to decompilation. Black Hat Abu Dhabi (2011).

[7]

Gartner Inc. 2015. Gartner Says Emerging Markets Drove Worldwide Smartphone Sales to 15.5 Percent Growth in Third Quarter of 2015. http://www.gartner.com/newsroom/id/3169417. (2015). Accessed: 2016-03-04.

[8]

Google Inc. 2015. Keynote Google I/O '15. https://www.youtube.com/watch?v=7V-fIGMDsmE. (2015). Accessed: 2016-03-04.

[9]

Pascal Junod, Julien Rinaldini, Johan Wehrli, and Julie Michielin. 2015. Obfuscator-LLVM: software protection for the masses. In Proceedings of the 1st Int. Workshop on Software Protection. IEEE Press, 3--9.

Digital Library

[10]

Jonathon Levin. 2015. Dalvik and ART. http://newandroidbook.com/files/Andevcon-DEX.pdf. (2015). Accessed: 2016-02-27.

[11]

Nikos Mavrogiannopoulos, Nessim Kisserli, and Bart Preneel. 2011. A taxonomy of self-modifying code for obfuscation. Computers & Security 30, 8 (2011), 679--691.

Digital Library

[12]

Mykolai Protsenko, Sebastien Kreuter, and Tilo Müller. 2015. Dynamic Self-Protection and Tamperproofing for Android Apps Using Native Code. In Availability, Reliability and Security (ARES), 2015 10th Int. Conference on. IEEE, 129--138.

Digital Library

[13]

Mykola Protsenko and Tilo Müller. 2013. PANDORA applies non-deterministic obfuscation randomly to Android. In 8th Int. Conference on Malicious and Unwanted Software: "The Americas", MALWARE 2013, Fajardo, PR, USA, October 22-24, 2013. 59--67.

[14]

Paul Sabanal. 2015. Hiding Behind ART. Black Hat Asia 2015, Singapore (2015). Accessed: 2016-01-23.

[15]

Samsung Electronics Co,. Ltd. 2014. Samsung and Google to bring Enterprise Enhancements to Android. (2014). https://news.samsung.com/global/samsung-and-google-to-bring-enterprise-enhancements-to-android/. Accessed: 2016-03-04.

[16]

Trend Micro Inc. 2016. DressCode and its Potential Impact for Enterprises. (2016). http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/. Accessed: 2017-02-21.

[17]

Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 1999. Soot -- a Java bytecode optimization framework. In Proc. of the 1999 Conference of the Centre for Advanced Studies on Collaborative Research. 13.

Digital Library

[18]

Min Zheng, Patrick PC Lee, and John CS Lui. 2012. ADAM: an automatic and extensible platform to stress test Android antivirus systems. In Int. Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 82--101.

Digital Library

[19]

Wu Zhou, Yajin Zhou, Xuxian Jiang, and Peng Ning. 2012. Detecting repackaged smartphone applications in third-party Android marketplaces. In Proc. of the second ACM conference on Data and Application Security and Privacy. ACM, 317--326.

Digital Library

[20]

Yajin Zhou and Xuxian Jiang. 2012. Dissecting Android malware: Characterization and evolution. In Proc. of the 33rd IEEE Symposium on Security and Privacy. IEEE, 95--109.

Digital Library

Cited By

Charalampidis PMakrogiannakis AKaramolegkos NPapadakis SCharalambakis YKamaratakis GFragkiadakis A(2022)A flexible Compilation-as-a-Service and Remote-Programming-as-a-Service platform for IoT devicesInternet of Things10.1016/j.iot.2022.10061720(100617)Online publication date: Nov-2022
https://doi.org/10.1016/j.iot.2022.100617
Charalampidis PFragkiadakis A(2021)A Compilation-and Remote-Programming-as-a-Service Platform for IoT Devices2021 IEEE International Conference on Joint Cloud Computing (JCC)10.1109/JCC53141.2021.00025(80-85)Online publication date: Aug-2021
https://doi.org/10.1109/JCC53141.2021.00025
Kalysch AMilisterfer OProtsenko MMüller T(2018)Tackling Androids Native Library Malware with Robust, Efficient and Accurate Similarity MeasuresProceedings of the 13th International Conference on Availability, Reliability and Security10.1145/3230833.3232828(1-10)Online publication date: 27-Aug-2018
https://dl.acm.org/doi/10.1145/3230833.3232828
Show More Cited By

A Cloud-Based Compilation and Hardening Platform for Android Apps
1. Security and privacy
  1. Systems security

Recommendations

Android: Changing the Mobile Landscape

The mobile phone landscape changed last year with the introduction of smart phones running Android, a platform marketed by Google. Android phones are the first credible threat to the iPhone market. Not only did Google target the same consumers as iPhone,...
Inter-app communication between Android apps developed in app-inventor and Android studio
MOBILESoft '16: Proceedings of the International Conference on Mobile Software Engineering and Systems

Communications between mobile apps are an important aspect of mobile platforms. Android is specifically designed with inter-app communication in mind and depends on this to provide different platform specific functionalities. Android Apps can either be ...
Analyzing GUI running fluency for Android apps
MSCC '16: Proceedings of the 3rd ACM Workshop on Mobile Sensing, Computing and Communication

Android as a free open platform has become increasingly popular and been widespread adopted in mobile, tablet, and other devices. However, a great number of issues, such as inadequate quality and the fragmentation phenomenon, have emerged, enhancing the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security

August 2017

853 pages

ISBN:9781450352574

DOI:10.1145/3098954

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 August 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper
Research
Refereed limited

Conference

ARES '17

ARES '17: International Conference on Availability, Reliability and Security

August 29 - September 1, 2017

Reggio Calabria, Italy

Acceptance Rates

ARES '17 Paper Acceptance Rate 100 of 191 submissions, 52%;

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
144
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Charalampidis PMakrogiannakis AKaramolegkos NPapadakis SCharalambakis YKamaratakis GFragkiadakis A(2022)A flexible Compilation-as-a-Service and Remote-Programming-as-a-Service platform for IoT devicesInternet of Things10.1016/j.iot.2022.10061720(100617)Online publication date: Nov-2022
https://doi.org/10.1016/j.iot.2022.100617
Charalampidis PFragkiadakis A(2021)A Compilation-and Remote-Programming-as-a-Service Platform for IoT Devices2021 IEEE International Conference on Joint Cloud Computing (JCC)10.1109/JCC53141.2021.00025(80-85)Online publication date: Aug-2021
https://doi.org/10.1109/JCC53141.2021.00025
Kalysch AMilisterfer OProtsenko MMüller T(2018)Tackling Androids Native Library Malware with Robust, Efficient and Accurate Similarity MeasuresProceedings of the 13th International Conference on Availability, Reliability and Security10.1145/3230833.3232828(1-10)Online publication date: 27-Aug-2018
https://dl.acm.org/doi/10.1145/3230833.3232828
Afonso VKalysch AMüller TOliveira DGrégio Ade Geus P(2018)Lumus: Dynamically Uncovering Evasive Android ApplicationsDevelopments in Language Theory10.1007/978-3-319-99136-8_3(47-66)Online publication date: 15-Aug-2018
https://doi.org/10.1007/978-3-319-99136-8_3

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents