Automatic string deobfuscation scheme for mobile applications based on platform-level code extraction

The Android operating system is vulnerable to various security threats owing to structural problems in Android applications. String obfuscation is one of the required protection schemes developed to protect Android application code. However, string obfuscation is being thwarted by malware makers and malware analysis is becoming more difficult and time-consuming. This paper proposes an automatic string deobfuscation and application programming interface (API) hiding neutralisation scheme that requires no encryption algorithm analysis or encryption key information. The proposed scheme has its own independent obfuscation tool. Further, it extracts and analyses code from the Android platform while the application is being executed and inserts only a return string value from the extracted code into the DEX file. The results of experiments conducted, in which commercial obfuscation tools Allatori, DexGuard, and DexProtector were applied to sample applications, verify the efficacy of the proposed method.