{"code":"J9QR9K","speakers":[{"code":"UFQ8A9","name":"Jakob Bleier","biography":"themoep.at, security scholar at TU Wien, conjurer of pretty pixels, wiggles air into sound, he/him","avatar":"http://cfp.bsidesvienna.at/media/avatars/jb_MvHAkOJ.jpeg"}],"title":"Back to the Binary: Revisiting Similarities of Android Apps","submission_type":{"en":"Medium Talk"},"track":{"en":"Mittlerer Saal (Track 1 - 260 pax)"},"state":"confirmed","abstract":"New versions are usually exciting and full of possibilities, but keeping up with every new edge-case can be a very exhausting task. Especially on Android, tools go out of date quickly and the latest research paper's implementation probably relies on a Java version most developers roll their eyes at.\r\n\r\nBut binaries? Binary tooling is forever. Well, let's say slightly more stable. We'll explore on a practical example how to use the Android Runtime to compile apps' Dalvik bytecode into binary ELFs and use BinDiff for similarity analysis.","description":"Quickly determining whether two apps are related is interesting for a couple of reasons: Malware detection, impersonation, lineage analysis, and more. But making this decision based on their code has many pitfalls, even if we don't take obfuscation into account. Stale tools, no updates, missing dependencies - instead of those we'll use the binary representation of apps and a combination of open source tools to get an estimator for code similarity.\r\n\r\nThe talk will cover some Android internals based on examples, and will provide a practical blueprint for how to calculate code-based similarity of apps based on open-source tools. Suitable for non-reverse-engineers.","duration":45,"slot_count":1,"do_not_record":false,"is_featured":false,"content_locale":"en","slot":{"room":{"en":"Mittlerer Saal (Track 1)"},"start":"2026-06-27T15:20:00+02:00","end":"2026-06-27T16:05:00+02:00"},"image":"http://cfp.bsidesvienna.at/media/bsidesvienna-0x7ea/submissions/J9QR9K/back2thebinary_q4q2w91.jpg","resources":[]}