Software Protection on the Go: A Large-Scale Empirical Study on Mobile App Obfuscation

Pei Wang, Qinkun Bao, Li Wang, Shuai Wang, Zhaofeng Chen, Tao Wei, Dinghao Wu

Research output: Contribution to journalConference articlepeer-review

21 Scopus citations


The prosperity of smartphone markets has raised new concerns about software security on mobile platforms, leading to a growing demand for effective software obfuscation techniques. Due to various differences between the mobile and desktop ecosystems, obfuscation faces both technical and non-technical challenges when applied to mobile software. Although there have been quite a few software security solution providers launching their mobile app obfuscation services, it is yet unclear how real-world mobile developers perform obfuscation as part of their software engineering practices. Our research takes a first step to systematically studying the deployment of software obfuscation techniques in mobile software development. With the help of an automated but coarse-grained method, we computed the likelihood of an app being obfuscated for over a million app samples crawled from Apple App Store. We then inspected the top 6600 instances and managed to identify 601 obfuscated versions of 539 iOS apps. By analyzing this sample set with extensive manual effort, we made various observations that reveal the status quo of mobile obfuscation in the real world, providing insights into understanding and improving the situation of software protection on mobile platforms.

Original languageEnglish (US)
Pages (from-to)26-36
Number of pages11
JournalProceedings - International Conference on Software Engineering
StatePublished - 2018
Event40th International Conference on Software Engineering, ICSE 2018 - Gothenburg, Sweden
Duration: May 27 2018Jun 3 2018

All Science Journal Classification (ASJC) codes

  • Software


Dive into the research topics of 'Software Protection on the Go: A Large-Scale Empirical Study on Mobile App Obfuscation'. Together they form a unique fingerprint.

Cite this