Android App Protection through Anti-tampering and Anti-debugging Techniques
Android devices have remained an attractive target for mobile malware in recent years. Android applications (or simply apps) on the device are vulnerable to different attacks, which can tamper with the execution of an app to change its behavior so that it harms users, or debug an app to steal private data (source code, user data and behavior). Android app protection is necessary to defend app behavior integrity and protect app privacy. The app cache, where the app actually runs, is vulnerable to tampering. Cache tampering allows for the same behavioral changes as piggybacking. Piggybacking an app means repackaging a legitimate app with extra code that can perform malicious acts after installation, such as stealing sensitive user data or displaying unsolicited advertisements. The cache loading process of Android Runtime (ART) can be exploited by cache tampering attacks without rebooting the device. Security-Enhanced Linux (SELinux) full enforcement has been deployed in the Android platform since Android 5, which enhances the security of the Android platform and at the same time decreases the security concerns apps have to take care of. Therefore, apps are vulnerable to being debugged in an insecure Android environment such as an emulator or a device with a rooted Android ROM. We present a comprehensive app protection approach using anti-tampering and anti-debugging techniques. We implement separate solutions for the two protections, against tampering and against debugging. We maintain the integrity of the app cache and implement a lightweight cache protection solution for anti-tampering. We collect the debugging points of ART and protect them at runtime from being tampered with. Our solution can be deployed easily across different Android ART-based platforms with little effort. App developers are able to use our techniques to protect their apps.