Static Dalvik VM bytecode instrumentation
This provides a practical security solution for end-users by allowing API restriction without root access, though it may limit some application features.
The paper tackles the problem of restricting blacklisted Android system API calls by proposing a static Dalvik VM bytecode instrumentation method that requires only user-mode access, enabling distribution via the Play Market without system modifications. It demonstrates a proof-of-concept that blocks IMEI requests.
This work proposes a novel approach to restricting the access for blacklisted Android system API calls. Main feature of the suggested method introduced in this paper is that it requires only rootless or (user-mode) access to the system unlike previous works. For that reason this method is valuable for end-users due to the possibility of project distribution via Play Market and it does not require any phone system modifications and/or updates. This paper explains the required background of Android OS necessary for understanding and describes the method for modification Android application. In this paper the proof-of-concept implementation. That is able to block the application's IMEI requests is introduced. Also this paper lists unsuccessful methods that tried to provide the user security. Obviously with those restrictions application may lack some of features that can only be granted in unsecured environment.