Static Dalvik VM bytecode instrumentation
Eugene Minibaev

TL;DR
This paper introduces a rootless, user-mode approach for Android bytecode instrumentation to restrict blacklisted API calls, enabling security enhancements without system modifications or updates.
Contribution
It presents a novel, rootless method for Android bytecode modification to restrict API calls, unlike previous approaches requiring system modifications.
Findings
Successfully blocks IMEI requests in proof-of-concept implementation
Does not require system modifications or updates
Provides a practical security enhancement for end-users
Abstract
This work proposes a novel approach to restricting access to blacklisted Android system API calls. The main feature of the method introduced in this paper is that, unlike previous works, it requires only rootless (user-mode) access to the system. For that reason the method is valuable for end-users: the project can be distributed via Play Market, and it does not require any phone system modifications and/or updates. This paper explains the Android OS background necessary for understanding the method and describes how an Android application is modified. A proof-of-concept implementation that is able to block an application's IMEI requests is introduced. The paper also lists unsuccessful methods that tried to provide user security. Obviously, with those restrictions an application may lack some of the features that can only be granted in…
Taxonomy
Topics: Advanced Malware Detection Techniques · Software Testing and Debugging Techniques · Security and Verification in Computing
