Android Application Obfuscator
School of Information Technology

Thanks to the adoption of Android mobile devices, Java is one of the popular programming languages, with a long history of success. Java became famous because of its cross-platform support: Java code, once compiled, can be executed on multiple platforms. On the other hand, this language feature opens up potential security risks. Java bytecode, the output of the compilation process, can be easily reverse-engineered, and multiple free tools for decompiling Java bytecode are available on the Internet. This raises a huge concern for Android mobile application developers. In the mobile application context, users gain full access to the application in the form of bytecode, which is executed on the users' mobile devices. Bytecode tampering allows malicious users to gain access to the source code and to obtain unauthorized information.

Some effort has been made to address this issue. For example, ProGuard, a standard Android bytecode obfuscator and optimizer, only performs variable and function renaming. However, such a simple obfuscation process is unable to conceal information from experienced hackers who are equipped with advanced technologies and tools such as static and dynamic code analysers.

In this project, we developed a new code obfuscation tool which performs sophisticated and novel code obfuscation for Android applications. We not only rely on existing techniques such as stealth predicates and control flow flattening, but also develop and extend a newly discovered technique, namely continuous passing in control flow obfuscation. The outcome of this project will be an Android build tool plugin which can be used alongside ProGuard and other Android development tools to further enhance Android application security.
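
As an added illustration (not code from the project described above), the Java sketch below shows why renaming alone leaves program structure readable and what control flow flattening with an always-true predicate changes. It assumes that "stealth predicates" refers to what is commonly called opaque predicates; the class name, method names and sample inputs are constructed for this example.

```java
public class FlattenDemo {
    // Original method. A rename-only obfuscator would change the identifiers,
    // but a decompiler would still show this loop and its exit test as written.
    static int gcd(int a, int b) {
        while (b != 0) {
            int t = a % b;
            a = b;
            b = t;
        }
        return a;
    }

    // Flattened form: each basic block becomes a case of one dispatcher loop,
    // so the recovered control-flow graph is a single switch, not a while loop.
    static int gcdFlattened(int a, int b) {
        int state = 0, t = 0;
        while (true) {
            switch (state) {
                case 0: // loop test
                    state = (b != 0) ? 1 : 3;
                    break;
                case 1: // first half of the loop body
                    t = a % b;
                    // a*(a+1) is always even, also after int overflow, so this
                    // test is always true; state 4 is decoy code.
                    state = ((a * (a + 1)) % 2 == 0) ? 2 : 4;
                    break;
                case 2: // second half of the loop body
                    a = b; b = t; state = 0;
                    break;
                case 3: // exit block
                    return a;
                default: // decoy block, never reached at run time
                    a = a ^ b; state = 1;
                    break;
            }
        }
    }

    public static void main(String[] args) {
        int[][] samples = {{48, 18}, {17, 5}, {0, 7}, {1071, 462}}; // constructed inputs
        for (int[] s : samples) {
            int plain = gcd(s[0], s[1]), flat = gcdFlattened(s[0], s[1]);
            if (plain != flat) throw new AssertionError("behaviour changed");
            System.out.println("gcd(" + s[0] + "," + s[1] + ") = " + flat);
        }
    }
}
```

Both methods return the same results; only the shape of the control flow seen by a static analyser differs.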