Grab 'n Run: Secure dynamic code loading for Android

A simple and effective Java Library that you can easily add to your Android projects to perform secure dynamic class loading operations.

The standard DexClassLoader is not secure, so one single mistake could open the application (and, therefore, the entire device) to serious security vulnerabilities, such as remote code execution. The main goal of Grab’s Run is to offer an alternative to the native Android APIs, and its design enforces that even the most inexperienced developer cannot perform well-known, serious mistakes.

Check out the source code: github.com/lukeFalsina/Grab-n-Run

References

(2015). Grab 'n Run: Secure and Practical Dynamic Code Loading for Android Applications. Proceedings of the 31st Annual Computer Security Applications Conference.

PDF