An Empirical Evaluation of Software Obfuscation Techniques Applied to Android APKs

  • Conference paper
International Conference on Security and Privacy in Communication Networks (SecureComm 2014)

Abstract

We investigate the problem of creating complex software obfuscation for mobile applications. We construct complex software obfuscation from sequentially applying simple software obfuscation methods. We define several desirable and undesirable properties of such transformations, including idempotency and monotonicity. We empirically evaluate a set of 7 obfuscation methods on 240 Android Packages (APKs). We show that many obfuscation methods are idempotent or monotonous.

Notes

  1. Although we rely heavily on Pandora, please note that our framework does not implement any obfuscation methods or metrics itself and can be extended with other obfuscation tools (such as Sandmark) later. It therefore is rather a “meta framework”.

  2. In the following figures, we have scaled down the graphs to improve the visual “overview” impression with multiple graphs on one page. The caption repeats the method and metric for readability.

Acknowledgments

We wish to thank Tilo Müller for his comments on a prior version of this paper. This work was partly supported by the German Research Foundation (DFG) as part of the Transregional Collaborative Research Centre “Invasive Computing” (SFB/TR 89), the “Bavarian State Ministry of Education, Science and the Arts” as part of the FORSEC research association, and by a scholarship of the Chinese State Scholarship Fund.

Author information

Correspondence to Yan Zhuang.

Copyright information

© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Freiling, F.C., Protsenko, M., Zhuang, Y. (2015). An Empirical Evaluation of Software Obfuscation Techniques Applied to Android APKs. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 153. Springer, Cham. https://doi.org/10.1007/978-3-319-23802-9_24

  • DOI: https://doi.org/10.1007/978-3-319-23802-9_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23801-2

  • Online ISBN: 978-3-319-23802-9

  • eBook Packages: Computer Science, Computer Science (R0)
