12 lines
1.4 KiB
Typst
12 lines
1.4 KiB
Typst
#import "X_var.typ": nbapk
|
|
|
|
Android is the most deployed operating system for smartphones.
|
|
Android applications are designed by external developers that embed their classes in the APK file installed later in the smartphone.
|
|
At runtime, Android executes these classes in addition to classes provided by the operating system itself.
|
|
The dynamic linking and loading of the different classes is a complex task that can eventually be exploited by an attacker.
|
|
In particular, if the developer adds a class whose name collides with the name of a class of the Android operating system, he may confuse a reverser in charge of studying such an application.
|
|
In this paper, we explore the possible collisions that can occur between classes defined multiple times at different locations i.e. multiple times in the APK file or, at the same time, in the APK and the operating system.
|
|
We highlight three attacks that we call shadow attacks because the class implementation that a reverser would find shadows a second implementation with a higher priority.
|
|
In particular, we show that a static analysis tools used by a reverser choose the shadow implementation for most of the evaluated tools, and output a wrong result.
|
|
In a dataset of #nbapk applications, we also explored if shadow attacks are used in the wild and show that most of the time, there is no malicious behavior behind them.
|
|
|