Towards Bridging the Gap Between Dalvik Bytecode and Native Code During Static Analysis of Android Applications
(2015) International Wireless Communications and Mobile Computing Conference 2015
- Abstract
- We propose a method for statically analyzing components that can be part of Android applications and which have not been very well analyzed so far, namely native libraries. As of now, third-party native code can be seen as a black box that can be fed input parameters from the Dalvik bytecode context, and output parameters can be returned back to the bytecode context. However, the native code can still initialize and invoke Android API and internal Java-based application classes and methods solely within the native context using an interface towards the Dalvik Virtual Machine. This introduces a contingency during analysis and therefore, it is crucial to understand inner-workings of the native code in order to fully understand the behavior of an application. The contribution of this paper is to bridge the gap between static analysis of Dalvik bytecode and native code by attempting to reconstruct calls to Android APIs and performing data-flow analysis inside native libraries. Our results from real-world applications show that such constructions used for invoking Java code inside native code do exist to some extent and could potentially be used more widely in order to obfuscate applications.
Please use this URL to cite or link to this publication:
https://lup.lub.lu.se/record/5337350
- author
- Lantz, Patrik LU and Johansson, Björn
- organization
- publishing date
- 2015
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- keywords
- Android Applications, Native Libraries, Java Native Interface, Static Analysis, Binary Slicing, Data-Flow Analysis
- host publication
- International Wireless Communications and Mobile Computing Conference, Dubrovnik, Croatia
- publisher
- IEEE - Institute of Electrical and Electronics Engineers Inc.
- conference name
- International Wireless Communications and Mobile Computing Conference 2015
- conference location
- Dubrovnik, Croatia
- conference dates
- 2015-08-24
- external identifiers
- scopus:84949483975
- ISBN
- 978-1-4799-5344-8
- DOI
- 10.1109/IWCMC.2015.7289149
- language
- English
- LU publication?
- yes
- id
- c4827b12-23c8-4807-86f4-3b5820d4949b (old id 5337350)
- date added to LUP
- 2016-04-04 11:01:11
- date last changed
- 2022-01-29 21:14:43
@inproceedings{c4827b12-23c8-4807-86f4-3b5820d4949b,
  abstract     = {{We propose a method for statically analyzing components that can be part of Android applications and which have not been very well analyzed so far, namely native libraries. As of now, third-party native code can be seen as a black box that can be fed input parameters from the Dalvik bytecode context, and output parameters can be returned back to the bytecode context. However, the native code can still initialize and invoke Android API and internal Java-based application classes and methods solely within the native context using an interface towards the Dalvik Virtual Machine. This introduces a contingency during analysis and therefore, it is crucial to understand inner-workings of the native code in order to fully understand the behavior of an application. The contribution of this paper is to bridge the gap between static analysis of Dalvik bytecode and native code by attempting to reconstruct calls to Android APIs and performing data-flow analysis inside native libraries. Our results from real-world applications show that such constructions used for invoking Java code inside native code do exist to some extent and could potentially be used more widely in order to obfuscate applications.}},
  author       = {{Lantz, Patrik and Johansson, Björn}},
  booktitle    = {{International Wireless Communications and Mobile Computing Conference, Dubrovnik, Croatia}},
  isbn         = {{978-1-4799-5344-8}},
  keywords     = {{Android Applications; Native Libraries; Java Native Interface; Static Analysis; Binary Slicing; Data-Flow Analysis}},
  language     = {{eng}},
  publisher    = {{IEEE - Institute of Electrical and Electronics Engineers Inc.}},
  title        = {{Towards Bridging the Gap Between Dalvik Bytecode and Native Code During Static Analysis of Android Applications}},
  url          = {{http://dx.doi.org/10.1109/IWCMC.2015.7289149}},
  doi          = {{10.1109/IWCMC.2015.7289149}},
  year         = {{2015}},
}