A Comparative Study on Optimization, Obfuscation, and Deobfuscation tools in Android

Geunha You, Gyoosik Kim, Seong-je Cho, Hyoil Han
2021 Journal of Internet Services and Information Security  
Code optimization is a program transformation process to make the program work more efficiently or consume fewer resources. Code obfuscation transforms a program and makes its code more difficult for a human to understand, which protects the code from reverse engineering. Deobfuscation is reverse-engineering the obfuscation. Optimization and obfuscation are widely used in Android apps. R8, the Android build process's default tool, does all of the code shrinking, obfuscation, and optimization.
This paper compares and analyzes the functionalities of optimization, obfuscation, and deobfuscation tools in the Android platform. Besides R8, the other tools covered in this paper are ReDex, Obfuscapk, and DeGuard, which are optimization, obfuscation, and deobfuscation tools for Android apps, respectively. We investigate the characteristics of the four tools and compare their performance by performing experiments.

however, malware writers obfuscated their malware to hide its malicious intention and logic and resist analysis. On the other hand, code deobfuscation is reverse engineering obfuscated code and is useful for understanding obfuscated code [24, 7, 28, 27]. The objective of deobfuscation is to try to identify, simplify and remove obfuscation code. Given a program $P_{org}$ and its obfuscated version $P_{obf}$, Yadegari et al. [28, 27] defined deobfuscation as the process of removing the effects of obfuscation from an obfuscated program, $P_{obf}$. That is, deobfuscation analyzes and transforms the code for $P_{obf}$ to obtain a program $P_{org}$ that is functionally equivalent to $P_{obf}$ but is simpler and easier to understand. The deobfuscated code is easier to understand with less analysis time compared to the obfuscated one. Code obfuscation and deobfuscation are thus considered as a double-edged sword in the computer security community.

Code optimization and obfuscation tools are pervasively applied to Android apps. When an Android project is built using Android Gradle plugin 3.4.0 or higher, the plugin works with the R8 compiler as the default tool in the Android build process [18, 16]. The R8 compiler does all of the optimization, obfuscation, code shrinking, and resource shrinking.
A legitimate software company needs to analyze which optimization tool (optimizer) or obfuscation tool (obfuscator) is good to use in order to protect the intellectual property of their apps. In addition, malware analysts want to know which optimizer or deobfuscation tool (deobfuscator) to use in order to efficiently analyze malware. In this paper, we compare and analyze the functionalities of some optimization, obfuscation, and deobfuscation tools on the Android platform. Besides R8, the other tools covered in this paper are ReDex [11, 12], Obfuscapk [5], and DeGuard [7], which are optimization, obfuscation, and deobfuscation tools for Android apps, respectively. We investigate the characteristics of the four tools and compare their performance through experiments.

The rest of this paper is organized as follows. Section 2 briefly describes the four tools: R8, ReDex, Obfuscapk, and DeGuard. Section 3 reviews related work, and Section 4 summarizes the method and analysis tools for our work. In Sections 5, 6, and 7, we compare and evaluate the four tools. Finally, we conclude our findings in Section 8.
doi:10.22667/jisis.2021.02.28.002 dblp:journals/jisis/YouKCH21 fatcat:wfnipslpgvgwvhmyxkulvxcq4i