{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2018:24WEEPUGYNW22Z3TOK5T27ZQQC","short_pith_number":"pith:24WEEPUG","canonical_record":{"source":{"id":"1801.01633","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-05T05:27:54Z","cross_cats_sorted":[],"title_canon_sha256":"243e06123ac48bec4fb77dc870bb9f591b471016ef7e43477a51c6a47d064922","abstract_canon_sha256":"c3030616133005ec2d6137561a907b65d53b423238796ccbc522c509256ac305"},"schema_version":"1.0"},"canonical_sha256":"d72c423e86c36dad677372bb3d7f3080b1ef4c5464cb0642841de766a4fbc737","source":{"kind":"arxiv","id":"1801.01633","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1801.01633","created_at":"2026-05-18T00:26:41Z"},{"alias_kind":"arxiv_version","alias_value":"1801.01633v1","created_at":"2026-05-18T00:26:41Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1801.01633","created_at":"2026-05-18T00:26:41Z"},{"alias_kind":"pith_short_12","alias_value":"24WEEPUGYNW2","created_at":"2026-05-18T12:31:59Z"},{"alias_kind":"pith_short_16","alias_value":"24WEEPUGYNW22Z3T","created_at":"2026-05-18T12:31:59Z"},{"alias_kind":"pith_short_8","alias_value":"24WEEPUG","created_at":"2026-05-18T12:31:59Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2018:24WEEPUGYNW22Z3TOK5T27ZQQC","target":"record","payload":{"canonical_record":{"source":{"id":"1801.01633","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-05T05:27:54Z","cross_cats_sorted":[],"title_canon_sha256":"243e06123ac48bec4fb77dc870bb9f591b471016ef7e43477a51c6a47d064922","abstract_canon_sha256":"c3030616133005ec2d6137561a907b65d53b423238796ccbc522c509256ac305"},"schema_version":"1.0"},"canonical_sha256":"d72c423e86c36dad677372bb3d7f3080b1ef4c5464cb0642841de766a4fbc737","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:26:41.551009Z","signature_b64":"Cy85KDDnxQb/6ftAZ81BQJfvaAoOlR6P4KOU9lppJsF2hzsWYLHu76LHkZprdANObKZik/HBQmqaHqO+PtZ6BA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"d72c423e86c36dad677372bb3d7f3080b1ef4c5464cb0642841de766a4fbc737","last_reissued_at":"2026-05-18T00:26:41.550331Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:26:41.550331Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1801.01633","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:26:41Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"KNr/QBcIFEX4snAQY6ROszLPDZCW85oIsQgm85VNbaNw0AEpMpIlBxY0DQEy1Qxb8iYKA6ou1UM1n6tK1yhJBw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-01T15:16:02.459498Z"},"content_sha256":"85140c00629309525b06bb0b606a049025fd5352e402bedc53db6b9747f06cc9","schema_version":"1.0","event_id":"sha256:85140c00629309525b06bb0b606a049025fd5352e402bedc53db6b9747f06cc9"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2018:24WEEPUGYNW22Z3TOK5T27ZQQC","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Fenghao Xu, Jian Liu, Kai Chen, Kehuan Zhang, Menghao Li, Shuaike Dong, Wenrui Diao, Xiangyu Liu, Xiaofeng Wang, Zhou Li","submitted_at":"2018-01-05T05:27:54Z","abstract_excerpt":"In this paper, we seek to better understand Android obfuscation and depict a holistic view of the usage of obfuscation through a large-scale investigation in the wild. In particular, we focus on four popular obfuscation approaches: identifier renaming, string encryption, Java reflection, and packing. To obtain the meaningful statistical results, we designed efficient and lightweight detection models for each obfuscation technique and applied them to our massive APK datasets (collected from Google Play, multiple third-party markets, and malware databases). We have learned several interesting fa"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1801.01633","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:26:41Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"9LAls89l7H4ipGGszcd5k6jS7i15hz2RBkyhv8S2vEo0gktDFOhElk7FhOI1XAl7b3Nb3XxmKopcgA2a3u2kCg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-01T15:16:02.459890Z"},"content_sha256":"1fd2247792cfdf9055724444b2cd3d67dda8426d615f15a955f13b60a8c789ac","schema_version":"1.0","event_id":"sha256:1fd2247792cfdf9055724444b2cd3d67dda8426d615f15a955f13b60a8c789ac"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/24WEEPUGYNW22Z3TOK5T27ZQQC/bundle.json","state_url":"https://pith.science/pith/24WEEPUGYNW22Z3TOK5T27ZQQC/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/24WEEPUGYNW22Z3TOK5T27ZQQC/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-01T15:16:02Z","links":{"resolver":"https://pith.science/pith/24WEEPUGYNW22Z3TOK5T27ZQQC","bundle":"https://pith.science/pith/24WEEPUGYNW22Z3TOK5T27ZQQC/bundle.json","state":"https://pith.science/pith/24WEEPUGYNW22Z3TOK5T27ZQQC/state.json","well_known_bundle":"https://pith.science/.well-known/pith/24WEEPUGYNW22Z3TOK5T27ZQQC/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2018:24WEEPUGYNW22Z3TOK5T27ZQQC","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"c3030616133005ec2d6137561a907b65d53b423238796ccbc522c509256ac305","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-05T05:27:54Z","title_canon_sha256":"243e06123ac48bec4fb77dc870bb9f591b471016ef7e43477a51c6a47d064922"},"schema_version":"1.0","source":{"id":"1801.01633","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1801.01633","created_at":"2026-05-18T00:26:41Z"},{"alias_kind":"arxiv_version","alias_value":"1801.01633v1","created_at":"2026-05-18T00:26:41Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1801.01633","created_at":"2026-05-18T00:26:41Z"},{"alias_kind":"pith_short_12","alias_value":"24WEEPUGYNW2","created_at":"2026-05-18T12:31:59Z"},{"alias_kind":"pith_short_16","alias_value":"24WEEPUGYNW22Z3T","created_at":"2026-05-18T12:31:59Z"},{"alias_kind":"pith_short_8","alias_value":"24WEEPUG","created_at":"2026-05-18T12:31:59Z"}],"graph_snapshots":[{"event_id":"sha256:1fd2247792cfdf9055724444b2cd3d67dda8426d615f15a955f13b60a8c789ac","target":"graph","created_at":"2026-05-18T00:26:41Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"In this paper, we seek to better understand Android obfuscation and depict a holistic view of the usage of obfuscation through a large-scale investigation in the wild. In particular, we focus on four popular obfuscation approaches: identifier renaming, string encryption, Java reflection, and packing. To obtain the meaningful statistical results, we designed efficient and lightweight detection models for each obfuscation technique and applied them to our massive APK datasets (collected from Google Play, multiple third-party markets, and malware databases). We have learned several interesting fa","authors_text":"Fenghao Xu, Jian Liu, Kai Chen, Kehuan Zhang, Menghao Li, Shuaike Dong, Wenrui Diao, Xiangyu Liu, Xiaofeng Wang, Zhou Li","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-05T05:27:54Z","title":"Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1801.01633","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:85140c00629309525b06bb0b606a049025fd5352e402bedc53db6b9747f06cc9","target":"record","created_at":"2026-05-18T00:26:41Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"c3030616133005ec2d6137561a907b65d53b423238796ccbc522c509256ac305","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-01-05T05:27:54Z","title_canon_sha256":"243e06123ac48bec4fb77dc870bb9f591b471016ef7e43477a51c6a47d064922"},"schema_version":"1.0","source":{"id":"1801.01633","kind":"arxiv","version":1}},"canonical_sha256":"d72c423e86c36dad677372bb3d7f3080b1ef4c5464cb0642841de766a4fbc737","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"d72c423e86c36dad677372bb3d7f3080b1ef4c5464cb0642841de766a4fbc737","first_computed_at":"2026-05-18T00:26:41.550331Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:26:41.550331Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"Cy85KDDnxQb/6ftAZ81BQJfvaAoOlR6P4KOU9lppJsF2hzsWYLHu76LHkZprdANObKZik/HBQmqaHqO+PtZ6BA==","signature_status":"signed_v1","signed_at":"2026-05-18T00:26:41.551009Z","signed_message":"canonical_sha256_bytes"},"source_id":"1801.01633","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:85140c00629309525b06bb0b606a049025fd5352e402bedc53db6b9747f06cc9","sha256:1fd2247792cfdf9055724444b2cd3d67dda8426d615f15a955f13b60a8c789ac"],"state_sha256":"23478561ad22010c313b635b831a38beabfe46f4def76849cf1c19746bde90fd"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"PxLuG3lHIw8lunZnzGD3+1xJxwySAmRNPP/AUhPa+ulZ3lJyDat7e4L+DphDvqR2VjqVz2EkqUpFbjq5s4Q8CQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-01T15:16:02.461778Z","bundle_sha256":"4d8dd2d7d0fd0d043c985ffd94a49cbec5d4c7787d2e66964356061acc2fe208"}}