Litcius/Paper detail

Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations

Xiaolu Zhang, Frank Breitinger, Engelbert Luechinger, Stephen O’Shaughnessy

2021Forensic Science International Digital Investigation30 citationsDOIOpen Access PDF

Abstract

Android obfuscation techniques include not only classic code obfuscation techniques that were adapted to Android, but also obfuscation methods that target the Android platform specifically. This work examines the status-quo of Android obfuscation, obfuscation detection and deobfuscation. Specifically, it first summarizes obfuscation approaches that are commonly used by app developers for code optimization, to protect their software against code theft and code tampering but are also frequently misused by malware developers to circumvent anti-malware products. Secondly, the article focuses on obfuscation detection techniques and presents various available tools and current research. Thirdly, deobfuscation (which aims at reinstating the original state before obfuscation) is discussed followed by a brief discussion how this impacts forensic investigation. We conclude that although obfuscation is widely used in Android app development (benign and malicious), available tools and the practices on how to deal with obfuscation are not standardized, and so are inherently lacking from a forensic standpoint.

Topics & Concepts

ObfuscationAndroid (operating system)MalwareComputer scienceComputer securityAndroid malwareMobile malwareDigital forensicsOperating systemAdvanced Malware Detection TechniquesDigital and Cyber ForensicsSoftware Testing and Debugging Techniques
Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations | Litcius