A large-scale study on the adoption of anti-debugging and anti-tampering protections in android apps
| Autor: | Mariano Ceccato, Stefano Berlato |
|---|---|
| Jazyk: | angličtina |
| Rok vydání: | 2020 |
| Předmět: |
Reverse engineering
ComputerSystemsOrganization_COMPUTERSYSTEMIMPLEMENTATION Java GeneralLiterature_INTRODUCTORYANDSURVEY Computer Networks and Communications Computer science media_common.quotation_subject ComputingMilieux_LEGALASPECTSOFCOMPUTING 02 engineering and technology computer.software_genre Computer security Android app mental disorders 0202 electrical engineering electronic engineering information engineering Anti-debugging Anti-tampering Android apps Static analysis Android (operating system) Safety Risk Reliability and Quality computer.programming_language media_common Anti-tampering 020206 networking & telecommunications 020207 software engineering Static analysis Android apps Debugging Anti-debugging Malware computer Software |
| Popis: | Android apps are subject to malicious reverse engineering and code tampering for many reasons, like premium features unlocking and malware piggybacking. Scientific literature and practitioners proposed several Anti-Debugging and Anti-Tampering protections, readily implementable by app developers, to empower Android apps to react against malicious reverse engineering actively. However, the extent to which Android app developers deploy these protections is not known. In this paper, we describe a large-scale study on Android apps to quantify the practical adoption of Anti-Debugging and Anti-Tampering protections. We analyzed 14,173 apps from 2015 and 23,610 apps from 2019 from the Google Play Store. Our analysis shows that 59% of these apps implement neither Anti-Debugging nor Anti-Tampering protections. Moreover, half of the remaining apps deploy only one protection, not exploiting the variety of available protections. We also observe that app developers prefer Java to Native protections by a ratio of 99 to 1. Finally, we note that apps in 2019 employ more protections against reverse engineering than apps in 2015. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|