The analysis of applications for mobile platforms (Android, iOS) has shown that security-relevant problems are often found not in the application code itself, but in the third-party software components it includes. These problematic code parts are often freely available and therefore appear in many applications. If the manufacturer obfuscates the program code, finding such code parts becomes very difficult.
The aim of this project was to develop a strategy for automatically finding already known code fragments that are regarded as problematic or potentially dangerous in a security context. The resulting approach can help reduce the effort required for manual inspection of applications and can, in some cases, significantly facilitate the rapid detection of security-relevant errors despite code obfuscation.