* ICSE 2018 *
Sun 27 May - Sun 3 June 2018 Gothenburg, Sweden
Fri 1 Jun 2018 15:00 - 15:20 at E2 room - Mobile, code and SMEs Chair(s): Diomidis Spinellis

In recent years, mobile apps have become the infrastructure of many popular Internet services. It is now fairly common that a mobile app serves a large number of users across the globe. Different from webbased services whose important program logic is mostly placed on remote servers, many mobile apps require complicated client-side code to perform tasks that are critical to the businesses. The code of mobile apps can be easily accessed by any party after the software is installed on a rooted or jailbroken device. By examining the code, skilled reverse engineers can learn various knowledge about the design and implementation of an app. Real-world cases have shown that the disclosed critical information allows malicious parties to abuse or exploit the app-provided services for unrightful profits, leading to significant financial losses for app vendors.

One of the most viable mitigations against malicious reverse engineering is to obfuscate the software before release. Despite that security by obscurity is typically considered to be an unsound protection methodology, software obfuscation can indeed increase the cost of reverse engineering, thus delivering practical merits for protecting mobile apps.

In this paper, we share our experience of applying obfuscation to multiple commercial iOS apps, each of which has millions of users. We discuss the necessity of adopting obfuscation for protecting modern mobile business, the challenges of software obfuscation on the iOS platform, and our efforts in overcoming these obstacles. Our report can benefit many stakeholders in the iOS ecosystem, including developers, security service providers, and Apple as the administrator of the ecosystem.

Presentation Slides (ICSE18-SEIP.pptx)2.12MiB

Fri 1 Jun
Times are displayed in time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

14:00 - 15:30: Mobile, code and SMEsSEIP - Software Engineering in Practice at E2 room
Chair(s): Diomidis SpinellisAthens University of Economics and Business
14:00 - 14:20
Helping SMEs to Better Develop Software: Experience Report and Challenges Ahead
SEIP - Software Engineering in Practice
14:20 - 14:40
Static Analysis of Context Leaks in Android Applications
SEIP - Software Engineering in Practice
Flavio ToffaliniSingapore University of Technology and Design, Jun SunSingapore University of Technology and Design, Martin OchoaSingapore University of Technology and Design
Media Attached
14:40 - 15:00
Advantages and Disadvantages of a Monolithic Repository - A case study at Google
SEIP - Software Engineering in Practice
15:00 - 15:20
Protecting Million-User iOS Apps with Obfuscation: Motivations, Pitfalls, and Experience
SEIP - Software Engineering in Practice
Pei WangPennsylvania State University, Dinghao Wu, Zhaofeng Chen, Tao Wei
Pre-print File Attached
15:20 - 15:30
Q&A in this sesson
SEIP - Software Engineering in Practice