A large scale investigation of obfuscation use in google play

Publikation: Beitrag in Buch/Bericht/Sammelwerk/KonferenzbandAufsatz in KonferenzbandForschungPeer-Review

Autoren

  • Dominik Wermke
  • Nicolas Huaman
  • Yasemin Acar
  • Bradley Reaves
  • Patrick Traynor
  • Sascha Fahl

Organisationseinheiten

Externe Organisationen

  • North Carolina State University
  • University of Florida
  • Ruhr-Universität Bochum
Forschungs-netzwerk anzeigen

Details

OriginalspracheEnglisch
Titel des SammelwerksACM International Conference Proceeding Series
Herausgeber (Verlag)Association for Computing Machinery (ACM)
Seiten222-235
Seitenumfang14
ISBN (elektronisch)9781450365697
PublikationsstatusVeröffentlicht - 3 Dez. 2018
Veranstaltung34th Annual Computer Security Applications Conference, ACSAC 2018 - San Juan, USA / Vereinigte Staaten
Dauer: 3 Dez. 20187 Dez. 2018

Publikationsreihe

NameACM International Conference Proceeding Series

Abstract

Android applications are frequently plagiarized or repackaged, and software obfuscation is a recommended protection against these practices. However, there is very little data on the overall rates of app obfuscation, the techniques used, or factors that lead to developers to choose to obfuscate their apps. In this paper, we present the first comprehensive analysis of the use of and challenges to software obfuscation in Android applications. We analyzed 1.7 million free Android apps from Google Play to detect various obfuscation techniques, finding that only 24.92% of apps are obfuscated by the developer. To better understand this rate of obfuscation, we surveyed 308 Google Play developers about their experiences and attitudes about obfuscation. We found that while developers feel that apps in general are at risk of plagiarism, they do not fear theft of their own apps. Developers also report difficulties obfuscating their own apps. To better understand, we conducted a follow-up study where the vast majority of 70 participants failed to obfuscate a realistic sample app even while many mistakenly believed they had been successful. These findings have broad implications both for improving the security of Android apps and for all tools that aim to help developers write more secure software.

ASJC Scopus Sachgebiete

Zitieren

A large scale investigation of obfuscation use in google play. / Wermke, Dominik; Huaman, Nicolas; Acar, Yasemin et al.
ACM International Conference Proceeding Series. Association for Computing Machinery (ACM), 2018. S. 222-235 (ACM International Conference Proceeding Series).

Publikation: Beitrag in Buch/Bericht/Sammelwerk/KonferenzbandAufsatz in KonferenzbandForschungPeer-Review

Wermke, D, Huaman, N, Acar, Y, Reaves, B, Traynor, P & Fahl, S 2018, A large scale investigation of obfuscation use in google play. in ACM International Conference Proceeding Series. ACM International Conference Proceeding Series, Association for Computing Machinery (ACM), S. 222-235, 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, USA / Vereinigte Staaten, 3 Dez. 2018. https://doi.org/10.48550/arXiv.1801.02742, https://doi.org/10.1145/3274694.3274726
Wermke, D., Huaman, N., Acar, Y., Reaves, B., Traynor, P., & Fahl, S. (2018). A large scale investigation of obfuscation use in google play. In ACM International Conference Proceeding Series (S. 222-235). (ACM International Conference Proceeding Series). Association for Computing Machinery (ACM). https://doi.org/10.48550/arXiv.1801.02742, https://doi.org/10.1145/3274694.3274726
Wermke D, Huaman N, Acar Y, Reaves B, Traynor P, Fahl S. A large scale investigation of obfuscation use in google play. in ACM International Conference Proceeding Series. Association for Computing Machinery (ACM). 2018. S. 222-235. (ACM International Conference Proceeding Series). doi: 10.48550/arXiv.1801.02742, 10.1145/3274694.3274726
Wermke, Dominik ; Huaman, Nicolas ; Acar, Yasemin et al. / A large scale investigation of obfuscation use in google play. ACM International Conference Proceeding Series. Association for Computing Machinery (ACM), 2018. S. 222-235 (ACM International Conference Proceeding Series).
Download
@inproceedings{077936cc3e164f859acf8306cff94033,
title = "A large scale investigation of obfuscation use in google play",
abstract = "Android applications are frequently plagiarized or repackaged, and software obfuscation is a recommended protection against these practices. However, there is very little data on the overall rates of app obfuscation, the techniques used, or factors that lead to developers to choose to obfuscate their apps. In this paper, we present the first comprehensive analysis of the use of and challenges to software obfuscation in Android applications. We analyzed 1.7 million free Android apps from Google Play to detect various obfuscation techniques, finding that only 24.92% of apps are obfuscated by the developer. To better understand this rate of obfuscation, we surveyed 308 Google Play developers about their experiences and attitudes about obfuscation. We found that while developers feel that apps in general are at risk of plagiarism, they do not fear theft of their own apps. Developers also report difficulties obfuscating their own apps. To better understand, we conducted a follow-up study where the vast majority of 70 participants failed to obfuscate a realistic sample app even while many mistakenly believed they had been successful. These findings have broad implications both for improving the security of Android apps and for all tools that aim to help developers write more secure software.",
keywords = "Android, Obfuscation, User Study",
author = "Dominik Wermke and Nicolas Huaman and Yasemin Acar and Bradley Reaves and Patrick Traynor and Sascha Fahl",
note = "Funding Information: This work was supported in part by the National Science Foundation under grant numbers CNS-1526718 and CNS-1562485. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reect the views of the National Science Foundation. ; 34th Annual Computer Security Applications Conference, ACSAC 2018 ; Conference date: 03-12-2018 Through 07-12-2018",
year = "2018",
month = dec,
day = "3",
doi = "10.48550/arXiv.1801.02742",
language = "English",
series = "ACM International Conference Proceeding Series",
publisher = "Association for Computing Machinery (ACM)",
pages = "222--235",
booktitle = "ACM International Conference Proceeding Series",
address = "United States",

}

Download

TY - GEN

T1 - A large scale investigation of obfuscation use in google play

AU - Wermke, Dominik

AU - Huaman, Nicolas

AU - Acar, Yasemin

AU - Reaves, Bradley

AU - Traynor, Patrick

AU - Fahl, Sascha

N1 - Funding Information: This work was supported in part by the National Science Foundation under grant numbers CNS-1526718 and CNS-1562485. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reect the views of the National Science Foundation.

PY - 2018/12/3

Y1 - 2018/12/3

N2 - Android applications are frequently plagiarized or repackaged, and software obfuscation is a recommended protection against these practices. However, there is very little data on the overall rates of app obfuscation, the techniques used, or factors that lead to developers to choose to obfuscate their apps. In this paper, we present the first comprehensive analysis of the use of and challenges to software obfuscation in Android applications. We analyzed 1.7 million free Android apps from Google Play to detect various obfuscation techniques, finding that only 24.92% of apps are obfuscated by the developer. To better understand this rate of obfuscation, we surveyed 308 Google Play developers about their experiences and attitudes about obfuscation. We found that while developers feel that apps in general are at risk of plagiarism, they do not fear theft of their own apps. Developers also report difficulties obfuscating their own apps. To better understand, we conducted a follow-up study where the vast majority of 70 participants failed to obfuscate a realistic sample app even while many mistakenly believed they had been successful. These findings have broad implications both for improving the security of Android apps and for all tools that aim to help developers write more secure software.

AB - Android applications are frequently plagiarized or repackaged, and software obfuscation is a recommended protection against these practices. However, there is very little data on the overall rates of app obfuscation, the techniques used, or factors that lead to developers to choose to obfuscate their apps. In this paper, we present the first comprehensive analysis of the use of and challenges to software obfuscation in Android applications. We analyzed 1.7 million free Android apps from Google Play to detect various obfuscation techniques, finding that only 24.92% of apps are obfuscated by the developer. To better understand this rate of obfuscation, we surveyed 308 Google Play developers about their experiences and attitudes about obfuscation. We found that while developers feel that apps in general are at risk of plagiarism, they do not fear theft of their own apps. Developers also report difficulties obfuscating their own apps. To better understand, we conducted a follow-up study where the vast majority of 70 participants failed to obfuscate a realistic sample app even while many mistakenly believed they had been successful. These findings have broad implications both for improving the security of Android apps and for all tools that aim to help developers write more secure software.

KW - Android

KW - Obfuscation

KW - User Study

UR - http://www.scopus.com/inward/record.url?scp=85060065541&partnerID=8YFLogxK

U2 - 10.48550/arXiv.1801.02742

DO - 10.48550/arXiv.1801.02742

M3 - Conference contribution

AN - SCOPUS:85060065541

T3 - ACM International Conference Proceeding Series

SP - 222

EP - 235

BT - ACM International Conference Proceeding Series

PB - Association for Computing Machinery (ACM)

T2 - 34th Annual Computer Security Applications Conference, ACSAC 2018

Y2 - 3 December 2018 through 7 December 2018

ER -