Abstract
Inspecting and manipulating runtime behavior of Android applications is a common need in mobile security research. However, existing tools lack a holistic application-agnostic approach. They either require changes to be manually adapted to each target application, or they focus exclusively on executable code parts, neglecting the key role the application manifest and resources play in the Android ecosystem. This limits their use for research purposes, where a specific series of modifications on various app components frequently has to be applied to a whole body of applications.
In this paper, we present A2P2, a flexible patching pipeline for compiled Android applications. Our system encompasses a custom declarative patch format for specifying complex manipulations on all parts of an application package. Patch projects are developed inside the Android Studio IDE and compiled into patch packages. These may then be applied to an arbitrary number of application package (APK) files through our flexible patching pipeline implementation.
Existing pipeline stages may be freely arranged and augmented with user-supplied custom stages so that entirely new sophisticated transformations may be implemented from a range of core primitives. For manipulating Dalvik bytecode, we provide two different rewriting backends and an abstraction that enables addition of new rewriting technologies transparently to patch projects.
We demonstrate A2P2's efficiency and efficacy by providing estimates for deployment speed and effects on compatibility, application size, and runtime performance for typical use cases. Lastly, we implement A2P2 patches that reproduce previous research and facilitate common security analysis tasks.
Original language | English |
---|---|
Title of host publication | ARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings |
Pages | 55-65 |
Number of pages | 11 |
ISBN (Electronic) | 9798400707728 |
Publication status | Published - 29 Aug 2023 |
Event | 18th International Conference on Availability, Reliability and Security: ARES 2023 - Benevento, Italy; Duration: 29 Aug 2023 → 1 Sept 2023; Conference number: 2023 |
Publication series
Name | ACM International Conference Proceeding Series |
---|
Conference
Conference | 18th International Conference on Availability, Reliability and Security |
---|---|
Abbreviated title | ARES |
Country/Territory | Italy |
City | Benevento |
Period | 29/08/23 → 1/09/23 |
Keywords
- Android
- Mobile
- Mobile Security
- Patching
- Repair
- Instrumentation
- Analysis
ASJC Scopus subject areas
- Software
Fields of Expertise
- Information, Communication & Computing
Treatment code (detailed classification)
- Experimental
Activities
- 1 Talk at conference or symposium
- A2P2 - An Android Application Patching Pipeline Based On Generic Changesets
  Draschbacher, F. (Speaker)
  31 Aug 2023
  Activity: Talk or presentation › Talk at conference or symposium › Science to science