Mind the Gap: Finding what Updates have (really) changed in Android Applications

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review

Abstract

Android apps often receive updates that introduce new functionality or tackle problems, ranging from critical security issues to usability-related bugs. Although developers tend to briefly denote changes when releasing new versions, it remains unclear what has actually been modified in the program code. Verifying even subtle changes between two Android apps is challenging due to the widespread use of code transformations and obfuscation techniques. In this paper, we present a new framework to precisely pinpoint differences between Android apps. By pursuing a multi-level comparison strategy that targets resources and obfuscation-invariant code elements, we succeed in highlighting similarities and changes among apps. In case studies, we demonstrate the need and practical benefits of our solution and show how well it is suited to verify changelogs.
Original language: English
Title of host publication: Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT
Place of Publication: Portugal
Publisher: SciTePress
Pages: 306-313
Number of pages: 8
ISBN (Electronic): 978-989-758-378-0
Publication status: Published - 2019
Event: 16th International Conference on Security and Cryptography - Prague, Czech Republic
Duration: 26 Jul 2019 to 28 Jul 2019
http://www.secrypt.icete.org/?y=2019

Conference

Conference: 16th International Conference on Security and Cryptography
Abbreviated title: SECRYPT 2019
Country: Czech Republic
City: Prague
Period: 26/07/19 to 28/07/19


Keywords

  • Android
  • Code Comparison
  • Application Security
  • Static Analysis
  • Obfuscation
  • Smali

Cite this

Feichtner, J., Neugebauer, L., & Ziegler, D. (2019). Mind the Gap: Finding what Updates have (really) changed in Android Applications. In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT (pp. 306-313). Portugal: SciTePress. https://doi.org/10.5220/0008119303060313