Android App copy protection mechanism with semi-trusted loader

In 2014, Tsai et al. propose an Android App copy protection mechanism based on dynamic loading, in which an Android App is composed of an incomplete main App (IMA for short, such as an APK file) file and a separate essential class (SES for short, such as a Jar file)file. After purchasing an App, a mobile user firstly downloads the APK file from the Android market. Then, the mobile user installs the APK file in his/her mobile device. As the mobile user attempts to run the App, the embedded dynamic loading function will download the Jar file from the market and execute dynamic loading for all functionalities. The dynamic loading function will delete the SES file as all functionalities are loaded. However, the mobile user has to download the Jar file every time as he/she wants to execute all functionalities of the Android App. In addition, the dynamic loading function might be replaced with another malicious loading function. In this paper, we propose an Android App Copy protection mechanism with a semi-trusted loader. In our proposed mechanism, an Android App is also composed of an APK file and a Jar file. At the first execution time, the embedded semi-trusted loader will download the encrypted Jar file from the market and the corresponding decryption key for the Jar file. Then, the semi-trusted loader decrypts the Jar file by using the decryption key and executes the loading for all functionalities. After the loading, the semi-trusted loader will delete the decryption key and store the encrypted Jar file in the mobile device. After that, the semi-trusted loader only download the decryption key from the market as the mobile user wants to execute all functionalities of the App.