No Comment - Android Code Protection via Obfuscation, DroidLeaks & DELTA Logging Tool
Written by Mike James
Friday, 02 December 2016
• Android Code Protection via Obfuscation
• DroidLeaks: Benchmarking Resource Leak Bugs for Android Applications
• DELTA: Data Extraction and Logging Tool for Android
Sometimes the news is reported well enough elsewhere and we have little to add other than to bring it to your attention.
No Comment is a format where we present original source information, lightly edited, so that you can decide if you want to follow it up.
Obfuscation is about the only method that we can use to protect our code from evil people wanting to reverse engineer it, but it is also the way that malware avoids being zapped by anti-malware. New research via a survey indicates what the current state of play is with obfuscation and de-obfuscation methods for Android code.
Android popularity has motivated the malware authors to employ a set of cyber attacks leveraging code obfuscation techniques. Obfuscation is an action that modifies an application (app) code, preserving the original semantics and functionality to evade anti-malware.
Code obfuscation is a contentious issue. Theoretical code analysis techniques indicate that attaining a verifiable and secure obfuscation is impossible. However, obfuscation tools and techniques are popular both among malware developers (to evade anti-malware) and commercial software developers (to protect intellectual rights).
We conducted a survey to uncover answers to concrete and relevant questions concerning Android code obfuscation and protection techniques. The purpose of this paper is to review code obfuscation and code protection practices, and evaluate efficacy of existing code de-obfuscation tools. In particular, we discuss Android code obfuscation methods, custom app protection techniques, and various de-obfuscation methods.
Furthermore, we review and analyse the obfuscation techniques used by malware authors to evade analysis efforts. We believe that there is a need to investigate efficiency of the defense techniques used for code protection. This survey would be beneficial to the researchers and practitioners, to understand obfuscation and de-obfuscation techniques to propose novel solutions on Android.
Android is an overcomplex application API. Its use of multiple components with different lifetime models, plus its often vague documentation of how resources are disposed of, makes it all too likely that there are resource leaks in almost any program that goes beyond "hello world". Until now this has just been a vague feeling, but now we have the evidence that it is true:
"Resource leak bugs in Android apps are pervasive and can cause serious performance degradation and system crashes. In recent years, several resource leak detection techniques have been proposed to assist Android developers in correctly managing system resources. Yet, there exist no common bug benchmarks for effectively and reliably comparing such techniques and quantitatively evaluating their strengths and weaknesses.
This paper describes our initial contribution towards constructing such a benchmark. To locate real resource leak bugs, we mined 124,215 code revisions of 34 large-scale open-source Android apps. We successfully found 298 fixed resource leaks, which cover a diverse set of resource classes, from 32 out of the 34 apps.
To understand the characteristics of these bugs, we conducted an empirical study, which revealed the root causes of frequent resource leaks in Android apps and common patterns of faults made by developers. With our findings, we further implemented a static checker to detect a common pattern of resource leaks in Android apps. Experiments showed that the checker can effectively locate real resource leaks in popular Android apps, confirming the usefulness of our work."
So how bad is it?
"32 of the 34 apps (94.1%) were infected by resource leaks, which is a scary fact suggesting the pervasiveness of resource leak bugs in real-world Android apps."
And what are the major causes?
"Complex app component lifecycle, unexpected user interactions, environment interplay, API unfamiliarity, and high level of concurrency are five major reasons why Android apps often leak resources during normal executions."
Want to collect data from an Android device? DELTA might be what you are looking for:
Together with an increase in raw processing power, modern smartphones are equipped with a wide variety of sensors and expose an extensive set of API (Accessible Programming Interface). These capabilities allow us to extract a wide spectrum of data that ranges from information about the environment (e.g., position, orientation) to user habits (e.g., which apps she uses and when), as well as about the status of the operating system itself (e.g., memory, network adapters).
This data can be extremely valuable in many research fields such as user authentication, intrusion detection and detection of information leaks. For these reasons, researchers need to use a solid and reliable logging tool to collect data from mobile devices.
In this paper, we first survey the existing logging tools available on the Android platform, comparing the features offered by different tools and their impact on the system, and highlighting some of their shortcomings. Then, we present DELTA - Data Extraction and Logging Tool for Android, which improves the existing Android logging solutions in terms of flexibility, fine-grained tuning capabilities, extensibility, and available set of logging features. We performed a full implementation of DELTA and we ran a thorough evaluation on its performance. The results show that our tool has low impact on the performance of the system, on battery consumption, and on user experience. Finally, we make the DELTA source code and toolset available to the research community.
DELTA is open source and can be found at https://github.com/tarockx/DELTA.
Last Updated ( Friday, 02 December 2016 )