Mind the Gap: Finding what Updates have (really) changed in Android Applications

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Research, peer-review

Abstract

Android apps often receive updates that introduce new functionality or tackle problems, ranging from critical security issues to usability-related bugs. Although developers tend to briefly denote changes when releasing new versions, it remains unclear what has actually been modified in the program code. Verifying even subtle changes between two Android apps is challenging due to the widespread use of code transformations and obfuscation techniques. In this paper, we present a new framework to precisely pinpoint differences between Android apps. By pursuing a multi-level comparison strategy that targets resources and obfuscation-invariant code elements, we succeed in highlighting similarities and changes among apps. In case studies, we demonstrate the need and practical benefits of our solution and show how well it is suited to verify changelogs.
Original language: English
Title of host publication: Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT
Place of Publication: Portugal
Publisher: SciTePress
Pages: 306-313
Number of pages: 8
ISBN (Electronic): 978-989-758-378-0
DOI: https://doi.org/10.5220/0008119303060313
Publication status: Published - 2019
Event: 16th International Conference on Security and Cryptography - Prague, Czech Republic
Duration: 26 Jul 2019 to 28 Jul 2019
http://www.secrypt.icete.org/?y=2019

Conference

Conference: 16th International Conference on Security and Cryptography
Abbreviated title: SECRYPT 2019
Country: Czech Republic
City: Prague
Period: 26/07/19 to 28/07/19

Fingerprint

Application programs
Android (operating system)

Keywords

  • Android
  • Code Comparison
  • Application Security
  • Static Analysis
  • Obfuscation
  • Smali

Cite this

Feichtner, J., Neugebauer, L., & Ziegler, D. (2019). Mind the Gap: Finding what Updates have (really) changed in Android Applications. In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT (pp. 306-313). Portugal: SciTePress. https://doi.org/10.5220/0008119303060313

Mind the Gap: Finding what Updates have (really) changed in Android Applications. / Feichtner, Johannes; Neugebauer, Lukas; Ziegler, Dominik.

Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT. Portugal : SciTePress, 2019. p. 306-313.

@inproceedings{3daef9e6d850424382436c6db7299a8d,
title = "Mind the Gap: Finding what Updates have (really) changed in Android Applications",
abstract = "Android apps often receive updates that introduce new functionality or tackle problems, ranging from critical security issues to usability-related bugs. Although developers tend to briefly denote changes when releasing new versions, it remains unclear what has actually been modified in the program code. Verifying even subtle changes between two Android apps is challenging due to the widespread use of code transformations and obfuscation techniques. In this paper, we present a new framework to precisely pinpoint differences between Android apps. By pursuing a multi-level comparison strategy that targets resources and obfuscation-invariant code elements, we succeed in highlighting similarities and changes among apps. In case studies, we demonstrate the need and practical benefits of our solution and show how well it is suited to verify changelogs.",
keywords = "Android, Code Comparison, Application Security, Static Analysis, Obfuscation, Smali",
author = "Johannes Feichtner and Lukas Neugebauer and Dominik Ziegler",
year = "2019",
doi = "10.5220/0008119303060313",
language = "English",
pages = "306--313",
booktitle = "Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT",
publisher = "SciTePress",
address = "Portugal",

}
