TY - JOUR
T1 - Software Protection on the Go
T2 - 40th International Conference on Software Engineering, ICSE 2018
AU - Wang, Pei
AU - Bao, Qinkun
AU - Wang, Li
AU - Wang, Shuai
AU - Chen, Zhaofeng
AU - Wei, Tao
AU - Wu, Dinghao
N1 - Funding Information:
This research was supported in part by the National Science Foundation (NSF) under grant CNS-1652790, and the Office of Naval Research (ONR) under grants N00014-16-1-2912, N00014-16-1-2265, and N00014-17-1-2894.
Publisher Copyright:
© 2015 Association for Computing Machinery, Inc. All rights reserved.
PY - 2018
Y1 - 2018
N2 - The prosperity of smartphone markets has raised new concerns about software security on mobile platforms, leading to a growing demand for effective software obfuscation techniques. Due to various differences between the mobile and desktop ecosystems, obfuscation faces both technical and non-technical challenges when applied to mobile software. Although there have been quite a few software security solution providers launching their mobile app obfuscation services, it is yet unclear how real-world mobile developers perform obfuscation as part of their software engineering practices. Our research takes a first step to systematically studying the deployment of software obfuscation techniques in mobile software development. With the help of an automated but coarse-grained method, we computed the likelihood of an app being obfuscated for over a million app samples crawled from Apple App Store. We then inspected the top 6600 instances and managed to identify 601 obfuscated versions of 539 iOS apps. By analyzing this sample set with extensive manual effort, we made various observations that reveal the status quo of mobile obfuscation in the real world, providing insights into understanding and improving the situation of software protection on mobile platforms.
AB - The prosperity of smartphone markets has raised new concerns about software security on mobile platforms, leading to a growing demand for effective software obfuscation techniques. Due to various differences between the mobile and desktop ecosystems, obfuscation faces both technical and non-technical challenges when applied to mobile software. Although there have been quite a few software security solution providers launching their mobile app obfuscation services, it is yet unclear how real-world mobile developers perform obfuscation as part of their software engineering practices. Our research takes a first step to systematically studying the deployment of software obfuscation techniques in mobile software development. With the help of an automated but coarse-grained method, we computed the likelihood of an app being obfuscated for over a million app samples crawled from Apple App Store. We then inspected the top 6600 instances and managed to identify 601 obfuscated versions of 539 iOS apps. By analyzing this sample set with extensive manual effort, we made various observations that reveal the status quo of mobile obfuscation in the real world, providing insights into understanding and improving the situation of software protection on mobile platforms.
UR - http://www.scopus.com/inward/record.url?scp=85065562284&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85065562284&partnerID=8YFLogxK
U2 - 10.1145/3180155.3180169
DO - 10.1145/3180155.3180169
M3 - Conference article
AN - SCOPUS:85065562284
SN - 0270-5257
VL - 2018-January
SP - 26
EP - 36
JO - Proceedings - International Conference on Software Engineering
JF - Proceedings - International Conference on Software Engineering
Y2 - 27 May 2018 through 3 June 2018
ER -