Detecting Android obfuscation techniques

Author: Hachenberger, Julien; Krauß, Christoph; Baier, Harald; Rasthofer, Siegfried
Type: Master Thesis
Abstract: With a market share of 86%, Android is the most common operating system on mobile devices [6]. On the downside, today's Android developers face various problems. Reverse engineering is one of those problems, and it affects benign applications as well as malicious ones. Benign developers want to mitigate the risk of software piracy, while malicious applications try to hide from security analysts. For this purpose, both parties make use of various obfuscation techniques. Up to now, neither a comprehensive analysis of these obfuscation techniques nor a general approach to detect them is available. Therefore, this work presents Deobdroid, an extendable static analysis approach to detect Java-layer based obfuscation techniques. To develop Deobdroid, different implementations of obfuscation techniques have been studied. This knowledge led to a benchmark suite which contains the implementations of those techniques. On this basis, a flexible detection approach has been designed. The implementation of this approach is called Deobdroid. With the help of Deobdroid, a mass analysis has been performed on 12.000 benign and 38.000 malicious samples. The evaluation revealed promising results with respect to recall and demonstrates the need for more context-awareness to improve precision.
Darmstadt, Hochschule, Master Thesis, 2016