Mobile App Development Company Fights Off Android Malware with Obfuscation Tool

Mobile application developer RIIS has released a code obfuscation tool for locking down the Java source code used to develop Android software. The tool will allegedly prevent reverse engineers from decompiling applications written for the popular Linux-based mobile platform.

Although such tools are usually pitched at developers trying to protect their intellectual property from prying eyes, this tool, HoseDex2Jar, aims to reduce the number of malicious applications on the web by preventing cyber-criminals from modifying legitimate applications and repackaging them with malware.

In the past three years, Android malware has grown more than 3,000% per year. The growth is mostly caused by the fact that Android phones allow users to install applications from alternative markets, where cyber-criminals “spray” full versions of commercial applications (originally downloaded from Google Play) after modifying the applications’ source code to deliver malicious payloads.

Unlike EXE files written for the Windows OS, Android applications written in Java (Android APKs) can be converted into Java (.jar) files using the Dex2Jar utility. The .jar file is then decompiled with JD-GUI or JAD into source code: the application’s line-by-line enumeration of commands, which programmers can easily read and modify.

“Developers can take steps such as using tools like ProGuard to obfuscate their code, but up until now, it has been impossible to prevent someone from decompiling an app,” said Godfrey Nolan, RIIS president, quoted by Security Week. “We realized if there was a way to stop Dex2Jar, we would stop all Android decompilation. HoseDex2Jar does just that. It stops Dex2Jar by inserting harmless code in an Android APK that confuses and disables Dex2Jar and protects the code from decompilation.”

Preventing decompilation will not only stop cyber-criminals from using other developers’ applications as a lure for infecting unwary users, but will also make it much more difficult for crackers to remove the commercial protection of games and utilities sold on Google Play. By protecting their applications, developers contribute to diminishing the number of malware apps while maximizing the revenue from selling their apps. HoseDex2Jar is available for free as a web service at http://www.decompilingandroid.com/hosedex2jar/.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.