DroidPro: An AOTC-Based Bytecode-Hiding Scheme for Packing the Android Applications

Abstract

Android is an open source mobile operating system represented by the Open Handset Alliance (OHA), developed by Google and other organizations since 2007, which has taken up most of the market share of smart devices. However, the applications on the platform are facing the increasingly serious security threat. Although the Android system itself provides a set of security mechanism to protect the safety of the system and applications, there are still many security risks. In order to hide the vulnerability of the applications and prevent the malicious users from tampering the apps, multiple anti-analysis methods have been applied by many Android packers to consolidate the apps. Bytecode-hiding is one of the most effective anti-analysis method, which can extract some bytecode from the Dex files and hide them from the vision of malicious analysts. Mostly, the hidden bytecode was encrypted, which can be recovered in runtime. But the conventional bytecode-hiding methods are always low-efficient and unsafe on some occasions, where the hidden bytecode can be recovered by the malicious analysts in some way. In this paper, we propose a bytecode-hiding scheme based on Ahead-Of-Time (AOT) compilation, called DroidPro, which can compile some chosen bytecode of Dex files of apps to native code in ahead-of-time that will be much harder to reverse. In our experiments, the apps packed by the packer associated with our bytecode-hiding scheme are more efficient and safer than other packers that use other bytecode-hiding schemes.