Decompiling Android Applications
Smartphone applications are frequently incompletely vetted, poorly isolated,
and installed by users without restraint. Such behavior is fraught with peril:
applications containing malicious logic or critical vulnerabilities are
likely to be identified only after substantial damage has already occurred.
Unfortunately, the limitations of application markets make them a poor agent
for certifying that applications are secure.
ded is a project which aims at decompiling Android applications. The ded
tool retargets Android applications in .dex format to traditional .class
files. These .class files can then be processed by existing Java tools,
including decompilers. Thus, Android applications can be analyzed using a
vast range of techniques developed for traditional Java applications.
Note: ded has now been replaced with
Dare, a more powerful
and more precise retargeting tool. Please visit the
Dare page for more
A Study of Decompiled Android Applications
The first application of our decompilation techniques was in a large scale
analysis of Android applications. We decompiled the 1,100
most popular applications using
ded. The decompiled code was then analyzed. While this analysis did not
reveal any malware,
we found that phone
identifiers and other personally identifiable information were widely used
by Android applications. More information is available in our USENIX Security
available on the publications page.
This study is a first step in the analysis of decompiled Android applications.
In order to enable the analysis of decompiled Android code by other
researchers, we are making ded available for download. Please see the
installation page for
downloads and installation instructions.
|| This research was supported by the National Science
Foundation Grant No. CNS-0905447, CNS-0721579 and CNS-0643907.
Please post any questions related to installation or usage of ded to the