The Journal of Korean Institute of Communications and Information Sciences (한국통신학회논문지)

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지
DOI QR코드

DOI QR Code

An APK Overwrite Scheme for Preventing Modification of Android Applications

안드로이드 앱 변조 방지를 위한 APK 덮어쓰기 기법

  • Received : 2014.04.07
  • Accepted : 2014.04.16
  • Published : 2014.05.31
Download PDF
⟨ Previous Next ⟩

Abstract

It is easy to reverse engineer an Android app package file(APK) and get its decompiled source code. Therefore, attackers obtains economic benefits by illegally using the decompiled source code, or modifies an app by inserting malware. To address these problems in Android, we propose an APK overwrite scheme that protects apps against illegal modification of themselves by using a new anti-reverse engineering technique. In this paper, the targets are the apps which have been written by any programmer. For a target app (original app), server system (1) makes a copy of a target app, (2) encrypts the target app, (3) creates a stub app by replacing the DEX (Dalvik Executable) of the copied version with our stub DEX, and then (4) distributes the stub app as well as the encrypted target app to users of smartphones. The users downloads both the encrypted target app and the corresponding stub app. Whenever the stub app is executed on smartphones, the stub app and our launcher app decrypt the encrypted target app, overwrite the stub app with the decrypted target one, and executes the decrypted one. Every time the target app ends its execution, the decrypted app is deleted. To verify the feasibility of the proposed scheme, experimentation with several popular apps are carried out. The results of the experiment demonstrate that our scheme is effective for preventing reverse engineering and tampering of Android apps.

안드로이드 앱(Android app, APK)을 역공학하여 디컴파일된 소스 코드를 획득하는 것이 용이하다. 공격자는 디컴파일된 소스코드를 불법적으로 사용하여 경제적 이득을 얻거나 악성코드를 삽입하여 앱을 변조하기도 한다. 이러한 문제를 해결하기 위해, 본 논문에서는 역공학 방지 방법을 사용하여 안드로이드 앱에 대한 불법 변조를 방지하는 APK 덮어쓰기 기법을 제안한다. 연구 대상은 임의 프로그래머에 의해 작성된 앱들이다. '대상 앱'(원본 앱)에 대해, 서버 시스템은 (1) 대상 앱의 복사본 생성, (2) 그 대상 앱을 암호화, (3) 복사본의 DEX (Dalvik Executable) 부분을 스텁(stub) DEX로 교체하여 스텁 앱 생성, (4) 암호화된 대상 앱 및 스텁 앱을 배포한다. 스마트폰 사용자는 암호화된 대상 앱 및 스텁 앱을 다운받는다. 스텁 앱이 스마트폰에서 실행될 때마다, 스텁 앱은 런처(launcher) 앱과 협력하여 암호화된 대상 앱을 복호화한 후 자신을 덮어쓰게 하여 원본 대상 앱이 실행되게 한다. 실행이 끝나면 복호화된 앱은 삭제된다. 제안 기법의 가능성을 검증하기 위해 여러 대중적인 앱들로 실험하여 보았다. 실험 결과, 제안 기법이 안드로이드 앱에 대해 역공학 및 변조 공격을 방지하는데 효과적임을 알 수 있다.

Keywords

References

  1. A. Datta, K. Dutta, S. Kajanan, and N. Pervin, "Mobilewalla: A mobile application search engine," Mobile Computing, Applications, and Services, Springer, Berlin Heidelberg, pp. 172-187, 2012.
  2. Yun-Jae Jang, Kyoung-Wook Park, and Sung-Keun Lee, "A Home Automation system based on Smart phone," J. KICS, vol. 6, no. 4, pp. 589-594, Aug., 2011.
  3. J. S. Lim, H. M. Lee, and S. C. Kim, "Black-box app for vehicle using android phone," in Proc. KICS, pp. 688-691, Feb. 2012.
  4. F-Secure Team, Mobile Threat Report Q4 2012, F-Secure Technical Report, Dec. 2012.
  5. J. Kim and E. Lee, "A strategy of effectively applying a control flow obfuscation to programs," J. Korea Soc. Comput. Inf., vol 16, no. 6, pp. 41-50 Jun. 2011. https://doi.org/10.9708/jksci.2011.16.6.041
  6. Y. Piao, J. Jung, and J. H. Yi, "Structural and Functional Analyses of ProGuard Obfuscation Tool," J. KICS, vol. 38, no. 8, pp. 654-662, Aug. 2013. https://doi.org/10.7840/kics.2013.38B.8.654
  7. D. Kim and Y. Park, "Effective detection and analysis for malicious-related API calls in obfuscated android malware," in Proc. KIISE, pp. 790-792, Nov. 2013.
  8. S.-R. Kim, "Copy protection system for android app using public key infrastructure," J. Security Eng., vol. 9, no. 1, pp. 121-134, Feb. 2012.
  9. DigiCaP Team, "DigiCAP Codejam Service," Retrieved Mar., 30, 2014 from http://www.cod ejam.or.kr/codejam
  10. J. Jang, S. Han, Y. Cho, U J. Choe, and J. Hong, "Survey of security threats and countermeasures on android environment," J. Security Eng., vol. 11 no. 1, pp. 1-12, 2014. https://doi.org/10.14257/jse.2014.02.01
  11. C.-H. Lee, Y.-U. Park, J.-H. Lim, H. Kim, C.-H. Lee, S.-J. Cho, and J. Yang, "Access control mechanism preventing application piracy on the android platform," J. KIISE: Comput. Practices and Lett., vol. 18, no. 10, Oct. 2012.
  12. K. I. Shin, J. S. Park, J. Y. Lee, and J. H. Park "Design and implementation of improved authentication system for android smartphone users," IEEE WAINA, pp. 704-707, Fukuoka, Mar. 2012.
  13. A. Biryukov, O. Dunkelman, N. Keller, D. Khovratovich, and A. Shamir, "Key recovery attacks of practical complexity on AES-256 variants with up to 10 rounds," Advances in Cryptology-EUROCRYPT 2010, Springer, vol. 6110, pp. 299-319, 2010.
  14. B. Alex and D. Khovratovich. "Related-key cryptanalysis of the full AES-192 and AES-256," Advances in Cryptology-ASIACRYPT 2009, Springer, vol. 5912, pp. 1-18, 2009.