Analysis of Android Code Transparency

posted in #IT Security, Mobile & Cloud on 9.05.2023

In 2018, Google introduced a new file format for submitting applications to Google Play, the Android Application Bundle (AAB). The main difference from the traditional APK format is that an AAB uploads all resources and code modules to Google Play as a whole; Google Play then automatically generates optimised APK files for distribution and signs them with the developer’s certificate. End users thus receive APK files that contain exactly the resources and code modules their specific device configuration (CPU, screen density, system language, …) requires.

When Google announced in 2021 that all new applications would have to be submitted in the AAB format, critics pointed out that the new mechanism would give Google the technical means to manipulate applications before delivery to end users, without the developer’s knowledge. In response to this criticism, Google introduced Code Transparency, a system intended to let developers and users verify the integrity of the delivered program code.

In this research project, we analyse Code Transparency to evaluate what possibilities app stores retain for manipulating the program logic of applications submitted as AAB files.
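As an added illustration of the kind of integrity check Code Transparency is meant to provide (example code written for this page, not part of the project report or of Google's bundletool): a simplified, constructed model in which the developer records SHA-256 digests of the code files and a verifier compares them against the delivered APK, while resource changes remain outside the covered set. It assumes, as a simplification, that the digest manifest reaches the verifier authentically; the real scheme signs it with a developer-held key, and that signature handling is omitted here.

```python
import hashlib
import io
import zipfile

# Constructed model of a code-transparency style check, not bundletool's real
# file format: the developer records SHA-256 digests of the code files (DEX and
# native libraries); a verifier recomputes them for the delivered APK and
# reports every deviation. Resources are deliberately outside the covered set.
CODE_SUFFIXES = (".dex", ".so")

def digest_code_files(apk_bytes: bytes) -> dict[str, str]:
    """SHA-256 of every code file in a zip-packaged APK, keyed by entry name."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest()
                for n in zf.namelist() if n.endswith(CODE_SUFFIXES)}

def build_manifest(apk_bytes: bytes) -> dict:
    """Developer side: the manifest that would be signed with the developer key."""
    return {"version": 1, "codeRelatedFile": digest_code_files(apk_bytes)}

def verify(apk_bytes: bytes, manifest: dict) -> list[str]:
    """Verifier side: list of findings; an empty list means the code is intact."""
    expected, delivered = manifest["codeRelatedFile"], digest_code_files(apk_bytes)
    findings = []
    for name in sorted(set(expected) | set(delivered)):
        if name not in delivered:
            findings.append(f"missing code file: {name}")
        elif name not in expected:
            findings.append(f"unlisted code file added: {name}")
        elif expected[name] != delivered[name]:
            findings.append(f"digest mismatch: {name}")
    return findings

def make_apk(files: dict[str, bytes]) -> bytes:
    """Constructed stand-in for an APK: a plain zip with the given entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample bundle content (not a real app).
BASE = {"classes.dex": b"dex\n035\x00original", "lib/arm64-v8a/libapp.so": b"\x7fELF",
        "res/values/strings.xml": b"<resources/>"}
MANIFEST = build_manifest(make_apk(BASE))
# A resource-only change (as split-APK generation legitimately makes) passes;
# a change to classes.dex is reported.
RESOURCE_ONLY = make_apk({**BASE, "res/values/strings.xml": b"<resources>x</resources>"})
TAMPERED = make_apk({**BASE, "classes.dex": b"dex\n035\x00patched"})
```

Running `verify(RESOURCE_ONLY, MANIFEST)` returns an empty list, whereas `verify(TAMPERED, MANIFEST)` reports the modified DEX file.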

Downloads

File   Description                        File size
pdf    Project Report (DE) Version 1.0    4 MB