A Technique for Protecting Android Applications using Executable Code Encryption and Integrity Verification
2014, 10(1), pp.19-26
Publisher : Korea Software Assessment and Valuation Society
Research Area : Computer Science
HyungJoon Shim 1 , Sangwook Cho 2 , Younsik Jeong 3 , Chanhee Lee 4 , Sangchul Han 5 , SEONG JE CHO 6
1
단국대학교
2
단국대학교
3
단국대학교
4
단국대학교
5
단국대
6
단국대학교
-
In this paper, we propose a method for protecting Android applications against reverse engineering attacks. In this method, the server encrypts the original executable code (DEX) included in an APK file, inserts into the APK file a stub code that decrypts the encrypted DEX later at run-time, and distributes the modified APK file. The stub code includes an integrity validation code to detect attacks on itself. When a user installs and executes the APK file, the stub code verifies the integrity of itself, decrypts the encrypted DEX, and loads it dynamically to execute. Since the original DEX is distributed as an encrypted one, we can effectively protect the intellectual property. Further, by verifying the integrity of the stub code, we can prevent malicious users from bypassing our method. We applied the method to 15 Android apps, and evaluated its effectiveness. We confirmed that 13 out of them operates normally.
123
Viewed
Print this page
Download PDF