ARTist: The Android Runtime Instrumentation and Security Toolkit
This work addresses the need for modern instrumentation tools in Android security and performance analysis, representing an incremental advancement by adapting to the new ART runtime.
The authors tackled the problem of application instrumentation for Android by developing ARTist, a compiler-based solution that leverages the new ART runtime and dex2oat compiler, achieving viability through two use cases and demonstrating its superiority over bytecode or binary rewriting approaches.
We present ARTist, a compiler-based application instrumentation solution for Android. ARTist is based on the new ART runtime and the on-device dex2oat compiler of Android, which replaced the interpreter-based managed runtime (DVM) from Android version 5 onwards. Since dex2oat is yet uncharted, our approach required first and foremost a thorough study of the compiler suite's internals and in particular of the new default compiler backend Optimizing. We document the results of this study in this paper to facilitate independent research on this topic and exemplify the viability of ARTist by realizing two use cases. Moreover, given that seminal works like TaintDroid hitherto depend on the now abandoned DVM, we conduct a case study on whether taint tracking can be re-instantiated using a compiler-based instrumentation framework. Overall, our results provide compelling arguments for preferring compiler-based instrumentation over alternative bytecode or binary rewriting approaches.