ABSTRACT

This chapter discusses the potential use cases for recompiling or modifying the behavior of applications. It shows how to analyze and debug Android application binaries, explains the .dex file format, and describes how to decompile and recompile Android applications without access to source code, thus changing the application's behavior. The chapter demonstrates how an attacker can change an application's behavior by decompiling the application, changing the smali code, and recompiling it. Malicious users can potentially download an Android application, decompile it, add malicious behavior to it, repackage the application, and put it back on the Web on secondary Android markets. The Dalvik Virtual Machine (VM) is a register-based virtual machine designed to run Android applications. The Dalvik VM enables applications to run efficiently on devices in which battery life and processing power are of paramount importance. Android applications written in Java are compiled into Java byte code using a Java compiler.