Journal of the Korea Convergence Society (한국융합학회논문지)

Korea Convergence Society (한국융합학회)
권호 표지
DOI QR코드

DOI QR Code

Design and implementation of Android obfuscation technique using layout file transformation

레이아웃 파일 변환을 이용한 안드로이드 난독화 기법의 설계 및 구현

  • Park, Heewan (Department of Information Communication and Software, Halla University)
  • 박희완 (한라대학교 정보통신소프트웨어학과)
  • Received : 2020.08.31
  • Accepted : 2020.11.20
  • Published : 2020.11.28
Download PDF
⟨ Previous Next ⟩

Abstract

Android apps are mostly distributed as an apk files, and when the apk file is uncompressed, resource files such as xml files, images, and sounds related to app design can be extracted. If the resources of banking or finance-related apps are stolen and fake apps are distributed, personal information could be stolen or financial fraud may occur. Therefore, it is necessary to make it difficult to steal the design as well as the code when distributing the app. In this paper, we implemented a tool to convert the xml file into Java code and obfuscate using the Proguard, and evaluated the execution performance. If the layout obfuscation technique proposed in this paper is used, it is expected that the app operation performance can be improved and the illegal copying damage caused by the theft of the screen design can be prevented.

안드로이드 앱은 주로 apk 파일 형태로 배포되고, apk 파일의 압축 해제하면 앱 디자인과 관련된 xml 파일, 이미지, 사운드와 같은 리소스 파일을 추출할 수 있다. 만일 은행이나 금융과 관련된 앱의 리소스가 도용되어 가짜 앱이 배포된다면 개인정보가 유출되거나 금융사기를 당할 수 있다. 따라서 앱을 배포할 때 코드뿐만 아니라 디자인을 도용하기 어렵게 만드는 노력이 필요하다. 본 논문에서는 xml 파일을 자바 코드로 변환한 후 프로가드(Proguard)를 이용하여 난독화하는 도구를 구현하였고 실행 성능을 평가하였다. 본 논문에서 제안하는 레이아웃 난독화 기법을 사용하면 앱구동 성능을 높일 수 있으며 화면 디자인 도용으로 인한 불법 복제 피해를 예방하는 효과도 있을 것으로 기대한다.

Keywords

References

  1. A. Almomani, B. B. Gupta, S. Atawneh, A. Meulenberg & E. Almomani. (2013). A Survey of Phishing Email Filtering Techniques. IEEE Communications Surveys & Tutorials, 15(4), 2070-2090. https://doi.org/10.1109/SURV.2013.030713.00020
  2. Security News. (2018). Naver phishing site. https://www.boannews.com/media/view.asp?idx=68740.
  3. S. Han, M. Ryu, J. Cha & B. U. Choi. (2014). HOTDOL: HTML Obfuscation with Text Distribution to Overlapping Layers. IEEE International Conference on Computer and Information Technology, 399-404.
  4. M. Maskur, Z. Sari & A. S. Miftakh. (2018). Implementation of Obfuscation Technique on PHP Source Code. International Conference on Electrical Engineering, Computer Science and Informatics, 738-742.
  5. Z. Y. Wang & W. M. Wu. (2014). Technique of Javascript Code Obfuscation Based on Control Flow Transformations. Applied Mechanics and Materials, 391-394.
  6. Financial consumer news. (2017). Financial fraud surges through fake banking apps. http://www.newsfc.co.kr/news/articleView.html?idxno=30477.
  7. Proguard. (2020). Free Java class file shrinker, optimizer, obfuscator, and preverifier. http://developer.android.com/tools/help/proguard.html.
  8. H. Park, H. Park, K. Ko, K. Choi & J. Youn. (2012). An Evaluation of the Proguard, Obfuscation Tool for Android. Proc. of the 37th KIPS conference, 19(1), 730-733.
  9. S. A. Sebastian et al. (2016). A study & review on code obfuscation. Proc. of the World Conference on Futuristic Trends in Research and Innovation for Social Welfare, 1-6.
  10. S. Dong et al. (2018). Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild. Security and Privacy in Communication Networks, 172-192.
  11. H. S. Park & T. Han. Choi. (2003). Advanced Operation Obfuscating Techniques using Bit-Operation. Transactions on Programming Languages, 17(3), 8-20.
  12. P. Yuxue, J. Jung & J. Lee. (2012). The Technological Trend of the Mobile Obfuscation. Information & Communications Magazine, 29(8), 65-71.
  13. Apktool (2020). A tool for reverse engineering Android apk files, https://ibotpeaches.github.io/ Apktool/.
  14. H. Park & H. Kim. (2014). Design and Implementation of An Obfuscation Tool for Preventing the Theft of Android Resources. Proc. of the Korean Society of Computer Information Conference, 22(1), 93-97.
  15. H. Park. (2016). Design and Implementation of Server-based Resource Obfuscation Techniques for Preventing Copyrights Infringement to Android Contents. Journal of the Korea Contents Association, 16(5), 13-20. https://doi.org/10.5392/JKCA.2016.16.05.013
  16. H. Park. (2019). Layout File Obfuscation Technique to Prevent Android App Theft, Proc. of 13th KIISE and KBS Joint Symp, 71-73.
  17. AX2J. (2020). A tool converting your Android XML resource to native Java code. http://ax2j.sickworm.com
  18. XMLtoJava. (2020). Simple android XML to Java code converter. http://www.xmltojava.com/.