Volume 6 - Issue 3
Comparative Analysis of Mobile App Reverse Engineering Methods on Dalvik and ART
- Geonbae Na
Soongsil University, Seoul, 06978, Korea
nagbssu.ac.kr
- Jongsu Lim
Soongsil University, Seoul, 06978, Korea
jongsu253ssu.ac.kr
- Kyoungmin Kim
Soongsil University, Seoul, 06978, Korea
mseckkmssu.ac.kr
- Jeong Hyun Yi
Soongsil University, Seoul, 06978, Korea
jhyissu.ac.kr
Keywords: Android runtime, reverse engineering, dynamic analysis
Abstract
The runtime system for the Android platform has changed to ART. ART differs from previously
used Dalvik in that it is to be a runtime environment for the application’s machine code. As a result,
ART does not execute Dalvik bytecode through an interpreter but executes the machine code
itself, leading to high performance and many other benefits. This change in runtime system also
has many implications for mobile security. While we can anticipate with certainty the resurgence of
modified malicious activity or malicious applications previously used with Dalvik or the emergence
of completely new structures of malicious techniques, we can no longer ascertain the feasibility of
the analysis techniques and analysis tools used against these malicious applications that operated in
Dalvik. To combat future potential malicious techniques for ART, we must first have a clear understanding
of ART and, with this foundation, to effectively and accurately utilize the correct analysis
technique. Thus, this paper serves to introduce an analysis on the operating method and architecture
of ART and, based on this information, address the executable feasibility of the analysis techniques
in ART. Furthermore, we present the test results of running these analysis tools and techniques in
ART.