A2P2 - An Android Application Patching Pipeline Based On Generic Changesets

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

Inspecting and manipulating runtime behavior of Android applications is a common need in mobile security research. However, existing tools lack a holistic application-agnostic approach. They either require changes to be manually adapted to each target application, or they focus exclusively on executable code parts, neglecting the key role the application manifest and resources play in the Android ecosystem. This limits their use for research purposes, where a specific series of modifications on various app components frequently has to be applied to a whole body of applications.

In this paper, we present A2P2, a flexible patching pipeline for compiled Android applications. Our system encompasses a custom declarative patch format for specifying complex manipulations on all parts of an application package. Patch projects are developed inside the Android Studio IDE and compiled into patch packages. These may then be applied to an arbitrary number of application package (APK) files through our flexible patching pipeline implementation.
Existing pipeline stages may be freely arranged and augmented with user-supplied custom stages so that entirely new sophisticated transformations may be implemented from a range of core primitives. For manipulating Dalvik bytecode, we provide two different rewriting backends and an abstraction that enables addition of new rewriting technologies transparently to patch projects.

We demonstrate A2P2's efficiency and efficacy by providing estimates for deployment speed and effects on compatibility, application size, and runtime performance for typical use cases. Lastly, we implement A2P2 patches that reproduce previous research and facilitate common security analysis tasks.
Original languageEnglish
Title of host publicationARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings
Pages55-65
Number of pages11
ISBN (Electronic)9798400707728
DOIs
Publication statusPublished - 29 Aug 2023
Event18th International Conference on Availability, Reliability and Security: ARES 2023 - Benevento, Italy
Duration: 29 Aug 20231 Sept 2023
Conference number: 2023

Publication series

NameACM International Conference Proceeding Series

Conference

Conference18th International Conference on Availability, Reliability and Security
Abbreviated titleARES
Country/TerritoryItaly
CityBenevento
Period29/08/231/09/23

Keywords

  • Android
  • Mobile
  • Mobile Security
  • Patching
  • Repair
  • Instrumentation
  • Analysis

ASJC Scopus subject areas

  • Software

Fields of Expertise

  • Information, Communication & Computing

Treatment code (Nähere Zuordnung)

  • Experimental

Fingerprint

Dive into the research topics of 'A2P2 - An Android Application Patching Pipeline Based On Generic Changesets'. Together they form a unique fingerprint.

Cite this