Security Assessment of Code Obfuscation Based on Dynamic Monitoring in Android Things
Android-based Internet-of-Things devices with excellent compatibility and openness are
constantly emerging. A typical example is Android Things that Google supports. Compatibility based on
the same platform can provide more convenient personalization services centering on mobile devices, while
this uniformity-based computing environment can expose many security vulnerabilities. For example, new
mobile malware running on Android can instantly transition to all connected devices. In particular, the
Android platform has a structural weakness that makes it easy to repackage applications. This can lead to
malicious behavior. To protect mobile apps that are vulnerable to malicious activity, various code obfuscation
techniques are applied to key logic. The most effective one of this kind involves safely concealing application
programming interfaces (API). It is very important to ensure that obfuscation is applied to the appropriate
API with an adequate degree of resistance to reverse engineering. Because there is no objective evaluation
method, it depends on the developer judgment. Therefore, in this paper, we propose a scheme that can
quantitatively evaluate the level of hiding of APIs, which represent the function of the Android application
based on machine learning theory. To perform the quantitative evaluation, the API information is obtained
by static analysis of a DEX file, and the API-called code executed in Dalvik in the Android platform is
dynamically extracted. Moreover, the sensitive APIs are classified using the extracted API and Naive Bayes
classification. The proposed scheme yields a high score according to the level of hiding of the classified API.
We tested the proposed scheme on representative applications of the Google Play Store. We believe it can
be used as a model for obfuscation assessment schemes, because it can evaluate the level of obfuscation in
general without relying on specific obfuscation tools.
KeyWords
Android Things, mobile security, security assessment.
|