Both Android application developers and malware authors use sophisticated obfuscation tools to prevent their mobile applications from being repackaged and analyzed. These tools obfuscate sensitive strings and classes, API calls, and control flows in the Dalvik bytecode. Consequently, it is inevitable for the security analysts to spend the significant amount of time for understanding the robustness of these obfuscation techniques and fully comprehending the intentions of each application. Since such analyses are often error-prone and require extensive analysis experience, it is critical to explore a novel approach to systematically analyze Android application bytecode. In this paper, we propose an approach to address such a critical challenge by placing hooks in the Dalvik virtual machine at the point where a Dalvik instruction is about to be executed. Also, we demonstrate the effectiveness of our approach through case studies on real-world applications with our prototype called DexMonitor.

Original languageEnglish (US)
Article number8537885
Pages (from-to)71229-71240
Number of pages12
JournalIEEE Access
StatePublished - 2018


  • Android application analysis
  • Bytecode monitoring
  • mobile security

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)


Dive into the research topics of 'DexMonitor: Dynamically Analyzing and Monitoring Obfuscated Android Applications'. Together they form a unique fingerprint.

Cite this