Abstract
With the popularization of smart devices, companies are adopting bring-your-own-device or mobile office policies that utilize personal smart devices for work. However, as work data are stored on individual smart devices, critical security threats are emerging, such as the leakage of confidential documents. Enterprises want to address this issue by adapting enterprise mobility management (EMM) solutions. Appwrapping is among the core technologies in EMM solutions, enabling security function insertion or misused code patching without the original application (app) source code. Studies on permission control, misused code patching, security function insertion based on static policies, etc., have been conducted, but there are limitations such as poor user convenience and overhead. In this paper, we propose an AppWrapper toolkit to support dynamic polices. Basically it can insert security function execution code into apps by using appwrapping technology without the original source code. This code uses Java reflection to invoke security functions dynamically based on preset policies. Accordingly, after the initial appwrapping, the policy can be changed easily. In addition, even when multiple security functions are required, Java reflection can invoke multiple security functions dynamically and simultaneously without conflicting with the existing code. The AppWrapper toolkit also provides a log function to check in real time where the security function is needed. Hence, the policy-setting administrator can check the log in real time and implement the security function where needed. Our experimental results show that this technique improves significantly the efficiency, effectiveness, and convenience of adding security function execution code.
Highlights
Android is an open-source platform used on about 72% of all mobile devices as of December 2019 [1]
The AppWrapper toolkit saw an increase of about 2.12%, even though the security function execution code was inserted to every method in every activity declared in AndroidManifest.xml due to the simplified security function execution code using the Java reflection technique
We proposed an AppWrapper toolkit that inserts security function execution code into each method unit of the activities declared in the AndroidManifest.xml file and copies the security library for insecure apps
Summary
Android is an open-source platform used on about 72% of all mobile devices as of December 2019 [1]. It extracts security function execution code and libraries from the EMM app at the bytecode level (smali code) and inserts them where needed It works on a static policy basis such that every time a policy is changed, security functions must be extracted and inserted into the app; in addition, repackaging is necessary. The extraction part only requires smali files that contain the security function execution code and its library, whereas in the patching part, the AndroidManifest.xml file is needed to check the app structure and the security function insertion location. The following subsections describe the security function execution code and library extraction, automatic appwrapping, security function operation and dynamic policy management, and real-time log checking and policy setting. It is possible to improve the user convenience by specifying a policy switch of the dynamic policy setting screen when the log is clicked at the required location
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
