Abstract
Application repackaging is a severe problem for Android systems. Many Android malware programs pass the mobile platform fundamental security barriers through repackaging other legitimate apps. Most of the existing anti-repackaging schemes only work at the Android DEX bytecode level, but not for the shared object files consisting of native ARM-based machine instructions. Lacking the protection at the native machine code level opens a door for attackers to launch repackaging attacks on the shared libraries that are commonly used on Android apps. This paper presents CodeCloak, a novel anti-repackaging system to protect Android apps at the native code level. CodeCloak employs binary-level code virtualization techniques to protect the target application. At the native machine code level, it uses a newly designed stack-based virtualization structure to obfuscate and protect critical algorithm implementations that have been compiled into native instructions. It leverages multiple dynamic code protection schemes to increase the diversity of the program behavior at runtime, aiming to increase the difficulties for performing code reverse engineering. We evaluate CodeCloak under typical app repackaging scenarios. Experimental results show that CodeCloak can effectively protect apps against repackaging attacks at the cost of minimum overhead.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.