Скачать или смотреть Android compiler fingerprinting (by Tim Strazzere)

Talk on "Android compiler fingerprinting" by Tim Strazzere and Caleb Fenton at the Android Security Symposium in Vienna, Austria, 8-10 March 2017
https://usmile.at/symposium/2017/prog...

** Abstract **
Compiler fingerprinting is a technique for identifying the compiler used to create an executable. Executable file formats are usually flexible and different compilers may introduce subtle differences in structure and organization. We have developed a tool called APKiD which can determine the compiler used to create or modify Dalvik executables and Android binary XML files. This allows us to distinguish between apps compiled from the original source code and apps which have been modified using non-standard compilers such as dexlib. We believed the two main reasons for modifying an Android app were for 1.) cracking and piracy and 2.) injecting malicious code. We tested this belief by comparing the compiler profiles of various app markets with different tolerances for cracked or malicious apps to see if the percentage of modified apps was inversely proportional to how strict the store was about policing submissions. We found that strict markets such as Google Play had significantly lower rates of modified apps compared to less strict markets such as Aptoide and BlapkMarket. Additionally, we analyzed ~138,000 benign apps and known malware samples to compare the rates of modification between both groups. We found much higher rates of modification for malware than with benign apps. Thus, knowing if an app is modified seems to be a good signal for maliciousness or software piracy.

This talk presents the history and evolution of various Android compilers, introduces APKiD, summarizes the technical details for how APKiD works, and reviews applications for using compiler fingerprinting to improve detection and classification of malware and pirated apps.

** Android Security Symposium **
The second Android Security Symposium was organized by the Josef Ressel Center u'smile at the University of Applied Sciences Upper Austria in Hagenberg in cooperation with SBA Research and the Institute of Networks and Security (INS) at Johannes Kepler University Linz.

This video is provided by the Josef Ressel Center for User-friedly Secure Mobile Environments (u'smile), a research group at the University of Applied Sciences Upper Austria.

Copyright (c) FH OÖ Forschungs & Entwicklungs GmbH • All rights reserved. • https://usmile.at/impressum