these-android-re/thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

midskip
All checks were successful
/ test_checkout (push) Successful in 1m44s
Details

Browse source
This commit is contained in:
Jean-Marie 'Histausse' Mineau 2025-10-04 00:29:34 +02:00
parent de9674f09c
commit 96b8d24b29
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
13 changed files with 26 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

4
2_background/4_2_classloader.typ
View file

@ -1,4 +1,4 @@
#import "../lib.typ": SDK, API, API, DEX, pb2, pb2-text, etal, APIs, ie
#import "../lib.typ": SDK, API, API, DEX, pb2, pb2-text, etal, APIs, ie, midskip
#import "../lib.typ": todo
=== Android Class Loading <sec:bg-soa-cl>
@ -53,7 +53,7 @@ More recently, He #etal~@he_systematic_2023 did a systematic study of hidden ser
They studied how the hidden #API can be used to bypass Android security restrictions and found that although Google countermeasures are effective, they need to be implemented inside the system services and not the hidden #API due to the lack of in-app privilege isolation: the framework code is in the same process as the user code, meaning any restriction in the framework can be bypassed by the user.
Unfortunately, those two contributions do not explore further the consequences of the use of hidden #APIs for a reverse engineer.
#v(2em)
#midskip
In conclusion, class loading mechanisms have been studied carefully in the context of the Java language.
However, the same cannot be said about Android, whose implementation diverges significantly from classic Java Virtual Machines.