Mind the Gap: Finding what Updates have (really) changed in Android Applications

Johannes Feichtner, Lukas Neugebauer, Dominik Ziegler

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


Android apps often receive updates that introduce new functionality or tackle problems, ranging from critical security issues to usability-related bugs. Although developers tend to briefly denote changes when releasing new versions, it remains unclear what has actually been modified in the program code. Verifying even subtle changes between two Android apps is challenging due to the widespread use of code transformations and obfuscation techniques. In this paper, we present a new framework to precisely pinpoint differences between Android apps. By pursuing a multi-level comparison strategy that targets resources and obfuscation-invariant code elements, we succeed in highlighting similarities and changes among apps. In case studies, we demonstrate the need and practical benefits of our solution and show how well it is suited to verify changelogs.
Original languageEnglish
Title of host publicationProceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT
Place of PublicationPortugal
Number of pages8
ISBN (Electronic)978-989-758-378-0
Publication statusPublished - 2019
Event16th International Conference on Security and Cryptography - Prague, Czech Republic
Duration: 26 Jul 201928 Jul 2019


Conference16th International Conference on Security and Cryptography
Abbreviated titleSECRYPT 2019
Country/TerritoryCzech Republic
Internet address


  • Android
  • Code Comparison
  • Application Security
  • Static Analysis
  • Obfuscation
  • Smali


Dive into the research topics of 'Mind the Gap: Finding what Updates have (really) changed in Android Applications'. Together they form a unique fingerprint.

Cite this