This commit is contained in:
Jean-Marie 'Histausse' Mineau
parent
3b5df50248
commit
ca4e7703e1
GPG key ID:
B66AEEDA9B645AD2
6 changed files with 2781 additions and 623 deletions
|
|
@ -6,7 +6,7 @@
|
|||
In this section, we evaluate in the wild if applications that can be found in the Play Store or other markets use one of the shadow techniques.
|
||||
Our goal is to explore the usage of shadow techniques in real applications.
|
||||
Because we modelled the behaviour of a recent version of Android (#SDK 34), we decided not to use our dataset from @sec:rasta.
|
||||
The applications in the RASTA dataset span over more than 10 years, and we cannot guarantee that sandow attacks behaved the same during those 10 years.
|
||||
The applications in the RASTA dataset span over more than 10 years, and we cannot guarantee that shadow attacks behaved the same during those 10 years.
|
||||
At the very least, self-shadowing would not be possible before the introduction of multi-dex in 2014 -- about a fourth of the applications in the RASTA dataset.
|
||||
Instead, we sampled another dataset of recent applications.
|
||||
This way, we can also include malicious applications (in case such techniques would be used to hide malicious code), so we selected #num(50000) applications randomly from AndroZoo~@allixAndroZooCollectingMillions2016 that appeared in 2023.
|
||||
|
|
@ -89,7 +89,7 @@ We report in the upper part of @tab:cl-shadow the statistics about the whole dat
|
|||
We observe that, on average, a few classes are shadowed by another class.
|
||||
Note that the median value is 0, meaning that few apps shadow a lot of classes, but the majority of apps do not shadow anything.
|
||||
The number of applications shadowing a hidden #API is low, which is an expected result as these classes should not be known by the developer.
|
||||
We observe a consequent number of applications, 23.52%, of applications that perform #SDK shadowing.
|
||||
We observe a consequent number of applications, 23.52%, that perform #SDK shadowing.
|
||||
It can be explained by the fact that some classes that newly appear are embedded in the #APK for end users that have old versions of Android: it is suggested by the average value of Min #SDK which is 21.7 for the whole dataset: on average, an application can be run inside a smartphone with #API 21, which would require to embed all new classes from 22 to 34.
|
||||
This hypothesis about missing classes is further investigated later in this section.
|
||||
|
||||
|
|
@ -241,7 +241,7 @@ All these hidden shadow classes are libraries included by the developers who pro
|
|||
// ...
|
||||
}
|
||||
```,
|
||||
caption: [Implementation of Reflection found un `classes11.dex` (shadows @lst:cl-refl1)],
|
||||
caption: [Implementation of Reflection found in `classes11.dex` (shadows @lst:cl-refl1)],
|
||||
) <lst:cl-refl2>
|
||||
|
||||
#figure(
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue