Today there are billions of mobile Android devices, and the corresponding app stores contain millions of different apps. Due to their access to personal data and their commonly closed-source nature, program analysis remains the only instrument for analyzing app behavior and protecting user data. At the same time, many measures for hardening apps have been developed to make analysis more difficult and to hide the inner workings of applications, making dynamic analysis a time-consuming task. We propose DaVinci, an Android kernel module for system call hooking that allows fully transparent and scalable dynamic analysis. DaVinci comes with preconfigured high-level profiles to easily analyze the low-level system calls. DaVinci works even on hardened apps without manual adjustments, where common tools like Frida fail or require exhaustive reverse engineering. We evaluate our approach against state-of-the-art hardening measures in a custom app as well as several hardened real-world examples and find that we successfully overcome all protection measures, even when other tools fail. Our framework will be open-sourced and made available to the research and security communities.
Druffel, A., & Heid, K. (2020). DaVinci: Android app analysis beyond frida via dynamic system call instrumentation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 12418 LNCS, pp. 473–489). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-61638-0_26