The performance cost of software obfuscation for Android applications

Abstract

Software security of Android applications is especially susceptible (vulnerable) to malicious reverse engineer than the native code based software, because its Java bytecode is easier to decompile and to reconstruct the original Java source code. Therefore obfuscation is an essential criterion for the protection of Android applications. Meanwhile, the unpredicted performance loss will be caused by the obfuscation, which might seriously influence the user experience of the software. Therefore the obfuscation degree and the performance cost out of it require being optimized. In this paper, we are working on the problem that: to obfuscate an Android application to a target level of “difficulty” degree, while not substantially “slowing it down”. We measure “difficulty” by utilizing software complexity metrics and the “slow” in CPU cycles. Within the framework designed for obfuscating Android applications, we implement the “Naïve Bayesian Classifier” algorithm for the optimized obfuscation of the software complexity and the performance, and show that it outperforms the algorithm whose predictions rely on mean values. We furthermore investigate the performance penalty imposed by obfuscation process when framework targets different complexity values and metrics. We show that some obfuscation methods are more performance costly than others to achieve the same metric value increase. Our result shows that, for any given software complexity, the required performance benefits can be achieved if the right obfuscation techniques are used.