An Android Application Protection Scheme against Dynamic Reverse Engineering Attacks

1Dept. of Computer Science and Engineering, Dankook University
Yongin, Gyeonggi 16890, South Korea
2Dept. of Computer Engineering, Konkuk University
Chungju, Chungbuk 27478, South Korea
{minkyup, schan}@kku.ac.kr

Abstract

Reverse engineering of Android applications is easy
because the applications are written in a high-level but simple bytecode
language. Due to malicious reverse engineering attacks, many Android
applications are tampered with and repackaged into malicious applications. To
protect Android applications from reverse engineering, many research studies
have proposed and developed anti-reverse engineering techniques such as
obfuscation, packing (packed executable), encryption, and anti-debugging. Obfuscation,
packing and encryption are defense techniques against static reverse
engineering; they cannot prevent dynamic reverse engineering such as memory
dumping and runtime debugging. On the other hand, the existing defense
techniques against dynamic reverse engineering have usually tried to protect
applications by determining whether they are being executed on an emulation-based
analysis environment and stopping their execution on the emulator. However,
protection techniques based on detecting emulators have become ineffective
because attackers have recently begun performing dynamic reverse engineering
directly on real mobile devices. This paper presents a new protection scheme for Android
applications against dynamic reverse engineering which can be applied on real
mobile devices. Our scheme checks if a device on which the application is
running is rooted and/or the application is being debugged. If so, our scheme
stops the execution of the application. Our experiments demonstrate that
techniques for detecting rooted and debugging environments can be evaded by
method hooking attacks and that the evasion attack, fortunately, can be
detected by our scheme. One of the strengths of our approach is that it is
implemented not as a part of the application’s source code but as a separate
executable. It can be applied to applications whose source code is not available.

Keywords: Application Protection, Reverse Engineering, Evasion Attack, Android, Rooting

+: Corresponding author: Sangchul Han, Chungbuk-do, 27478, Korea, Tel: +82-43-840-3605

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)