Field experience with obfuscating million‐user iOS apps in large enterprise mobile development. (8th November 2018)
- Record Type:
- Journal Article
- Title:
- Field experience with obfuscating million‐user iOS apps in large enterprise mobile development. (8th November 2018)
- Main Title:
- Field experience with obfuscating million‐user iOS apps in large enterprise mobile development
- Authors:
- Wang, Pei
Wu, Dinghao
Chen, Zhaofeng
Wei, Tao - Other Names:
- Bosch Jan guestEditor.
Cooper Kendra M. L. guestEditor.
Paulisch Frances guestEditor. - Abstract:
- Summary: In recent years, mobile apps have become the infrastructure of many popular Internet services. It is now common that a mobile app serves millions of users across the globe. By examining the code of these apps, reverse engineers can learn various knowledge about the design and implementation of the apps. Real‐world cases have shown that the disclosed critical information allows malicious parties to abuse or exploit the app‐provided services for unrightful profits, leading to significant financial losses. One of the most viable mitigations against malicious reverse engineering is to obfuscate the apps. Despite that security by obscurity is typically considered to be an unsound protection methodology, software obfuscation can indeed increase the cost of reverse engineering, thus delivering practical merits for protecting mobile apps. In this paper, we share our experience of applying obfuscation to multiple commercial iOS apps, each of which has millions of users. We discuss the necessity of adopting obfuscation for protecting modern mobile business, the challenges of software obfuscation on the iOS platform, and our efforts in overcoming these obstacles. We especially focus on factors that are unique to mobile software development that may affect the design and deployment of obfuscation techniques. We report the outcome of our obfuscation with empirical experiments. We additionally elaborate on the follow‐up case studies about how our obfuscation affected the appSummary: In recent years, mobile apps have become the infrastructure of many popular Internet services. It is now common that a mobile app serves millions of users across the globe. By examining the code of these apps, reverse engineers can learn various knowledge about the design and implementation of the apps. Real‐world cases have shown that the disclosed critical information allows malicious parties to abuse or exploit the app‐provided services for unrightful profits, leading to significant financial losses. One of the most viable mitigations against malicious reverse engineering is to obfuscate the apps. Despite that security by obscurity is typically considered to be an unsound protection methodology, software obfuscation can indeed increase the cost of reverse engineering, thus delivering practical merits for protecting mobile apps. In this paper, we share our experience of applying obfuscation to multiple commercial iOS apps, each of which has millions of users. We discuss the necessity of adopting obfuscation for protecting modern mobile business, the challenges of software obfuscation on the iOS platform, and our efforts in overcoming these obstacles. We especially focus on factors that are unique to mobile software development that may affect the design and deployment of obfuscation techniques. We report the outcome of our obfuscation with empirical experiments. We additionally elaborate on the follow‐up case studies about how our obfuscation affected the app publication process and how we responded to the negative impacts. This experience report can benefit mobile developers, security service providers, and Apple as the administrator of the iOS ecosystem. … (more)
- Is Part Of:
- Software, practice & experience. Volume 49:Number 2(2019)
- Journal:
- Software, practice & experience
- Issue:
- Volume 49:Number 2(2019)
- Issue Display:
- Volume 49, Issue 2 (2019)
- Year:
- 2019
- Volume:
- 49
- Issue:
- 2
- Issue Sort Value:
- 2019-0049-0002-0000
- Page Start:
- 252
- Page End:
- 273
- Publication Date:
- 2018-11-08
- Subjects:
- iOS -- mobile -- obfuscation -- reverse engineering -- software protection
Computer software -- Periodicals
Computer programming -- Periodicals
Computer programs -- Periodicals
005.3 - Journal URLs:
- http://onlinelibrary.wiley.com/ ↗
- DOI:
- 10.1002/spe.2648 ↗
- Languages:
- English
- ISSNs:
- 0038-0644
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 8321.453000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 11398.xml