Grab 'n Run: Secure dynamic code loading for Android

Aug 5, 2015 1 min read

A simple and effective Java Library that you can easily add to your Android projects to perform secure dynamic class loading operations.

The standard DexClassLoader is not secure, so one single mistake could open the application (and, therefore, the entire device) to serious security vulnerabilities, such as remote code execution. The main goal of Grab’s Run is to offer an alternative to the native Android APIs, and its design enforces that even the most inexperienced developer cannot perform well-known, serious mistakes.

Check out the source code: github.com/lukeFalsina/Grab-n-Run

References

Luca Falsina, Yanick Fratantonio, Stefano Zanero, Christopher Kruegel, Giovanni Vigna, Federico Maggi (2015). Grab 'n Run: Secure and Practical Dynamic Code Loading for Android Applications. Proceedings of the 31st Annual Computer Security Applications Conference.

PDF