Browse > Article
http://dx.doi.org/10.13089/JKIISC.2018.28.5.1209

Study on Structure for Robust App Protection through Commercial Android App Hardening Service  

Ha, Dongsoo (Hanyang University)
Oh, Heekuck (Hanyang University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.28, no.5, 2018 , pp. 1209-1223 More about this Journal
Abstract
Android apps are made up of bytecode, so they are vulnerable to reverse engineering, and protection services are emerging that robustly repackage the app to compensate. Unlike cryptographic algorithms, the robustness of these protection services depends heavily on hiding the protection scheme. Therefore, there are few systematic discussions about the protection method even if destruction techniques of the protection service are various. And it is implemented according to the intuition of the developer. There is a need to discuss systematic protection schemes for robust security chains, rather than simple deployment of techniques disrupting static or dynamic analysis. In this paper, we analyze bangcle, a typical commercial Android app protection service, to examine the protection structure and vulnerable elements. We propose the requirements for robust structure and principles of protection structure.
Keywords
Android; Obfuscator; Protector; Packer; App hardening; Runtime protection;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 Yishay Yovel. (2014). 4 Essential Ways to Protect My Mobile. Available: https://securityintelligence.com/how-to-protect-mobile-apps-essentials
2 Bangcle, "https://www.bangcle.com", 1. Oct. 2018.
3 Baidu, "http://apkprotect.baidu.com", 1. Oct. 2018.
4 360, "http://jiagu.360.cn", 1. Oct. 2018.
5 Ali, "http://jaq.alibaba.com", 1. Oct. 2018.
6 Tencent, "http://jiagu.qcloud.com", 1. Oct. 2018.
7 Architectural Principles That Prevent Code Modification or Reverse Engineering, "https://www.owasp.org/index.php/Architectural_Principles_That_Prevent_Code_Modification_or_Reverse_Engineering", 10. Oct. 2018.
8 J. Kim and K. Lee, "Robust Anti Reverse Engineering Technique for Protecting Android Applications using the AES Algorithm," Journal of KIISE, 42 (9), pp. 1100-1108, Sept. 2015.   DOI
9 J. Kim, N. Go, and Y. Park, "A Code Concealment Method using Java Reflection and Dynamic Loading in Android," Journal of the Korea Institute of Information Security & Cryptology, 25(1), pp. 17-30, Feb. 2015.   DOI
10 T. Strazzere and J. Sawyer, "Android Hacker Protection Level 0," presented at DEF CON 22, Aug. 2014.
11 S. Makkaveev and A. Bashan, "Unboxing Android: Everything you wanted to know about Android packers," presented at DEF CON 25, Aug. 2017.
12 Y. Zhang, X. Luo, and H. Yin, "The Terminator to Android Hardening Services," presented at HITCON 11, Aug. 2015.
13 Dalvik bytecode, "https://source.android.com/devices/tech/dalvik/dalvik-bytecode", 10. Oct. 2018.
14 R. Carbone, C. Bean, and M. Salois, " An In-depth Analysis of the Cold Boot Attack: Can it be Used for Sound For ensic Memory Acquisition?," Valcartier: Defence Research and Development Canada, Jan. 2011.
15 V. van der Veen, Y. Fratantonio, M. Lindorfer, D. Gruss, C. Maurice, G. Vigna, H. Bos, K. Razavi, and C. Giuffrida, "Drammer: Deterministic rowhammer attacks on mobile platforms," Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1675-1689, Oct. 2016.
16 C. Collberg, C. Thomborson, and D. Low, "Manufacturing cheap, resilient, and stealthy opaque constructs," In Proc. 25th. ACM Symposium on Principles of Programming Languages, pp. 184-196, Jan. 1998.
17 JD-GUI, "http://jd.benow.ca", 10. Oct. 2018.
18 APKTOOL, "https://ibotpeaches.github.io/Apktool", 10. Oct. 2018.
19 Ijiami, "http://www.ijiami.cn", 1. Oct. 2018.
20 DEX2JAR, "https://github.com/pxb1988/dex2jar", 10. Oct. 2018.
21 C. Linn and S. Debray, "Obfuscation of executable code to improve resistance to static disassembly," Proceedings of the 10th ACM conference on Computer and communications security, pp. 290-299, Oct. 2003.
22 I. V. Popov, S. K. Debray, and G. R. Andrews. "Binary Obfuscation Using Signals," USENIX Security Symposium, pp. 275-290, Aug. 2007.