A large scale investigation of obfuscation use in Google Play
Yasemin Acar
Tuesday, March 10, 2020, 12:00-1:00 pm
Abstract
 
Android applications are frequently plagiarized or repackaged, and software obfuscation is a recommended protection against these practices. However, there used to be very little data on the overall rates of app obfuscation, the techniques used, or factors that lead developers to choose to obfuscate their apps. In our 2018 paper, we presented the first comprehensive analysis of the use of and challenges to software obfuscation in Android applications. We analyzed 1.7 million free Android apps from Google Play to detect various obfuscation techniques, finding that only 24.92% of apps are obfuscated by the developer. To better understand this rate of obfuscation, we surveyed 308 Google Play developers about their experiences and attitudes about obfuscation. We found that while developers feel that apps in general are at risk of plagiarism, they do not fear theft of their own apps. Developers also report difficulties obfuscating their own apps. To better understand, we conducted a follow-up study where the vast majority of 70 participants failed to obfuscate a realistic sample app even while many mistakenly believed they had been successful. These findings have broad implications both for improving the security of Android apps and for all tools that aim to help developers write more secure software. They also reflect that any first line of defense needs to be sufficiently usable and well-understood for the respective actors to invest time and effort in widespread deployment.
This talk is organized by Richard Roberts