Android apps call graph construction and obfuscation investigation
Date
2021-08
Authors
Baz, Abdelrahman M
Major Professor
Advisor
Guan, Young
Ben Othmane, Lotfi
Newman, Jennifer
Le, Wei
Committee Member
Abstract
Static program analysis for Android apps is one of the main mechanisms used to examine the code structure and gather information about function calls and relations, all without executing the code. Since the Android operating system supports Java, an object-oriented programming language, Android apps are made of classes that include a set of fields and methods that can call other methods and manipulate code. The relation between method calls (when a method makes a call to another method) can be captured in a call graph structure.
The motivation behind this work is to enhance the call graph construction process for Android apps in terms of running time and to understand the challenge that code obfuscation, a common strategy used to obscure the source code of a program, poses for static analysis of Android apps. This work presents MiniDroid, a time-efficient tool for call graph construction for Android apps. MiniDroid is based on FlowDroid, a static taint analysis tool for Android that models the Android lifecycle. This work also investigates how different obfuscation techniques affect the output of static analysis tools. We use Obfuscapk, an open-source automatic obfuscation tool for Android applications, to perform obfuscation. We use the output of EviHunter, a tool to automatically identify evidentiary data in the permanent storage of an Android device, to evaluate the results.
Type
thesis