Abstract
Smali code and .Dex file can be completely compiled and decompiled reciprocally. Thus any new functions can be injected into an existing android application directly after decompiling it into smali code under the condition of that we needn’t to modify any java code to develop the application. This leads the android applications to be modified and cracked arbitrarily. In order to prevent it from being decompiled and bundled malicious code, we summarized current typical methods of anti-crack and anti-decompilation, then propose two new solutions based on smali injection, which can protect the security of the android applications effectively.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Enck, W., Ongtang, M., Mcdaniel, P.: On lightweight mobile phone application certification. In: ACM Conference on Computer and Communications Security, pp. 235–245. ACM (2009)
Enck, W., Cox, L.P., Jung, J., et al.: Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones, Vancouver, BC (October 2010)
Enck, W., Octeau, D., Mcdaniel, P., Chaudhuri, S.: A study of android application security. In: Proc. USENIX Security Symposium (2011)
Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS (2011)
Felt, A.P., Hanna, S., Chin, E., Wang, H.J., Moshchuk, E.: Permission re-delegation: Attacks and defenses. In: 20th Usenix Security Symposium (2011)
Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically rich application-centric security in android. In: Computer Security Applications Conference, ACSAC 2009, pp. 340–349 (December 2009)
Dietz, M., Shekhar, S., Wallach, D.S., Pisetsky, Y., Shu, A.: Quire: Lightweight provenance for smart phone operating systems, San Francisco, CA (August 2011)
Rastogi, V., Chen, Y., Jiang, X.: Catch me if you can: Evaluating android anti-malware against transformation attacks. IEEE Transactions on Information Forensics and Security 9, 99–108 (2014)
Berthome, P., Fecherolle, T., Guilloteau, N., Lalande, J.F.: Repackaging android applications for auditing access to private data. In: 2012 Seventh International Conference on Availability, Reliability and Security (ARES), pp. 388–396 (August 2012)
Cozzette, A., Lingel, K., Matsumoto, S., Ortlieb, O., Alexander, J., Betser, J., Florer, L., Kuenning, G., Nilles, J., Reiher, P.: Improving the security of android inter-component communication. In: 2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013), pp. 808–811 (May 2013)
Mulliner, C., Liebergeld, S., Lange, M., Seifert, J.-P.: Taming mrhayes: Mitigating signaling based attacks on smartphones. In: 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 1–12 (June 2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Xu, J., Li, S., Zhang, T. (2014). Security Analysis and Protection Based on Smali Injection for Android Applications. In: Sun, Xh., et al. Algorithms and Architectures for Parallel Processing. ICA3PP 2014. Lecture Notes in Computer Science, vol 8630. Springer, Cham. https://doi.org/10.1007/978-3-319-11197-1_44
Download citation
DOI: https://doi.org/10.1007/978-3-319-11197-1_44
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11196-4
Online ISBN: 978-3-319-11197-1
eBook Packages: Computer ScienceComputer Science (R0)