DynVMDroid: Android App Protection via Code Disorder and Dynamic Recovery

To protect Android applications from reverse engineering, more and more adversarial analysis techniques are proposed, such as packing, encryption, obfuscation, etc. As one of the most advanced techniques for obfuscation, code virtualization at the dex bytecode level has evolved from hiding meta information to protect executable instructions. However, previous approaches are proved to have a certain degree of vulnerability at the directive opcode replacement. In this paper, we present DynVMDroid, a reinforcement system based on code virtualization to protect Android applications from reverse engineering. DynVMDroid consists of two components, a reinforcement engine and a custom runtime environment. The reinforcement engine disrupts the inherent structural order and extends the length of the original instructions from key methods, converting them into virtual code in Android applications. The custom runtime environment dynamically recovering the virtual instructions to ensure the protected application work properly. To verify its performance and compatibility, we have applied DynVMDroid to 10 applications. In addition, various attack methods have been adopted on the protected applications to validate their security. Our experimental results show that the applications protected by DynVMDroid perform correctly and effectively against common reverse analysis techniques with acceptable performance losses.