Mind the Gap: Finding what Updates have (really) changed in Android Applications

Publication: Contribution to book/report/conference proceedings; Contribution to conference proceedings; Research; Peer-reviewed

Abstract

Android apps often receive updates that introduce new functionality or tackle problems, ranging from critical security issues to usability-related bugs. Although developers tend to briefly denote changes when releasing new versions, it remains unclear what has actually been modified in the program code. Verifying even subtle changes between two Android apps is challenging due to the widespread use of code transformations and obfuscation techniques. In this paper, we present a new framework to precisely pinpoint differences between Android apps. By pursuing a multi-level comparison strategy that targets resources and obfuscation-invariant code elements, we succeed in highlighting similarities and changes among apps. In case studies, we demonstrate the need and practical benefits of our solution and show how well it is suited to verify changelogs.
Original language: English
Title: Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT
Place of publication: Portugal
Publisher: SciTePress
Pages: 306-313
Number of pages: 8
ISBN (electronic): 978-989-758-378-0
DOI: https://doi.org/10.5220/0008119303060313
Publication status: Published - 2019
Event: 16th International Conference on Security and Cryptography - Prague, Czech Republic
Duration: 26 Jul 2019 to 28 Jul 2019
http://www.secrypt.icete.org/?y=2019

Conference

Conference: 16th International Conference on Security and Cryptography
Short title: SECRYPT 2019
Country: Czech Republic
Location: Prague
Period: 26/07/19 to 28/07/19

Fingerprint

Application programs
Android (operating system)

Keywords

Android
Code Comparison
Application Security
Static Analysis
Obfuscation
Smali

    Cite this

    Feichtner, J., Neugebauer, L., & Ziegler, D. (2019). Mind the Gap: Finding what Updates have (really) changed in Android Applications. In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT (pp. 306-313). Portugal: SciTePress. https://doi.org/10.5220/0008119303060313

    @inproceedings{3daef9e6d850424382436c6db7299a8d,
    title = "Mind the Gap: Finding what Updates have (really) changed in Android Applications",
    keywords = "Android, Code Comparison, Application Security, Static Analysis, Obfuscation, Smali",
    author = "Johannes Feichtner and Lukas Neugebauer and Dominik Ziegler",
    year = "2019",
    doi = "10.5220/0008119303060313",
    language = "English",
    pages = "306--313",
    booktitle = "Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT",
    publisher = "SciTePress",
    address = "Portugal",

    }
