APKARMOR: Low-Cost Lightweight Anti-Decompilation Techniques for Android Apps

Android app security is a critical concern for the software industry, with companies investing significantly in protecting their intellectual property from reverse engineering attacks. While commercial protection tools exist to prevent decompilation and unauthorized code access, they pose substantial challenges for businesses: high licensing costs ranging from thousands to tens of thousands of dollars annually, significant performance overhead that impacts user experience and app ratings, and increased app size that affects download rates. These limitations particularly burden small to medium-sized enterprises and independent developers, creating an urgent industry need for cost-effective protection solutions.To address these challenges, we propose a novel file format-based anti-decompilation strategy that systematically exploits structural vulnerabilities in APK files. Building upon this strategy, we have developed APKARMOR, a lightweight and cost-effective anti-decompilation framework that exploits inherent vulnerabilities in popular reverse engineering tools. Through systematic analysis, we first identified critical weaknesses in common decompilation tools’ parsing mechanisms and structural assumptions. Based on these findings, we developed seven mutation-based protection strategies that deliberately trigger these vulnerabilities by introducing specific structural anomalies into APK files and the AndroidManifest.xml. These methods include Countermeasures against Dirty Code and Corrupted Payloads (CACoP), Pseudo-Encryption (PE), Using Unknown Compression Method (UUCM), Unavailable Magic Value (UMA), Modify the Offset Field in stringChunk (MOFS), and Dirty Bytecode Replacement of "Android" (DRA). We evaluated our exploitation strategies through extensive experiments on 100 randomly selected Android apps, testing against the latest versions of three widely used decompilation tools: JADX (v1.5.1), APKTool (v2.11.0), and Androguard (v4.1.2). Our results demonstrate that PE and DRA achieved complete protection by successfully exploiting vulnerabilities present in all tested tools. MOFS, UUCM, and UNV effectively exploited weaknesses in APKTool and Androguard’s parsing mechanisms.