Comparative Analysis of Mobile App Reverse Engineering Methods on Dalvik and ART

Geonbae Na, Jongsu Lim, Kyoungmin Kim, and Jeong Hyun Yi+

Soongsil University, Seoul, 06978, Korea
{nagb, jongsu253, mseckkm, jhyi}@ssu.ac.kr

Abstract

The runtime system for the Android platform has changed to ART. ART differs from the previously used Dalvik in that it is a runtime environment for the application’s machine code. As a result, ART does not execute Dalvik bytecode through an interpreter but executes the machine code itself, leading to high performance and many other benefits. This change in runtime system also has many implications for mobile security. While we can anticipate with certainty the resurgence of modified malicious activity or malicious applications previously used with Dalvik, or the emergence of completely new structures of malicious techniques, we can no longer ascertain the feasibility of the analysis techniques and analysis tools used against these malicious applications that operated in Dalvik. To combat future potential malicious techniques for ART, we must first have a clear understanding of ART and, with this foundation, effectively and accurately utilize the correct analysis technique. Thus, this paper introduces an analysis of the operating method and architecture of ART and, based on this information, addresses the feasibility of executing the analysis techniques in ART. Furthermore, we present the test results of running these analysis tools and techniques in ART.

Keywords: Android runtime, reverse engineering, dynamic analysis

+: Corresponding author: Jeong Hyun Yi

Journal of Internet Services and Information Security (JISIS), 6(3): 27-39, August 2016