Automatic Components Separation of Obfuscated Android Applications: An Empirical Study of Design Based Features

Amit Kumar Mondal, Chanchal K. Roy, Banani Roy, Kevin A. Schneider


Abstract
In modern days, mobile applications (apps) have become omnipresent. Components of mobile apps (such as 3rd party libraries) require to be separated and analyzed differently for security issue detection, repackaged app detection, tumor code purification and so on. Various techniques are available to automatically analyze mobile apps. However, analysis of the app's executable binary remains challenging due to required curated database, large codebases and obfuscation. Considering these, we focus on exploring a versatile technique to separate different components with design-based features independent of code obfuscation. Particularly, we conducted an empirical study using design patterns and fuzzy signatures to separate app components such as 3rd party libraries. In doing so, we built a system for automatically extracting design patterns from both the executable package (APK) and Jar of an Android application. The experimental results with various standard datasets containing 3rd party libraries, obfuscated apps and malwares reveal that design features like these are present significantly within them (within 60% APKs including malware). Moreover, these features remain unaltered even after app obfuscation. Finally, as a case study, we found that the design patterns alone can detect 3rd party libraries within the obfuscated apps considerably (F1 score is 32%). Overall, our empirical study reveals that design features might play a versatile role in separating various Android components for various purposes.
Cite:
Amit Kumar Mondal, Chanchal K. Roy, Banani Roy, and Kevin A. Schneider. 2019. Automatic Components Separation of Obfuscated Android Applications: An Empirical Study of Design Based Features. 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW).
Copy Citation: