Evaluating LLMs for Obfuscation Detection and Classification in Android Apps
arXiv SecurityArchived Jun 15, 2026✓ Full text saved
arXiv:2606.14233v1 Announce Type: cross Abstract: Android applications (apps) developers increasingly rely on code obfuscation techniques to hinder reverse engineering and protect intellectual property. However, obfuscation also reduces the effectiveness of static analysis and vulnerability detection tools, creating challenges for Android security analysis. Existing approaches for detecting obfuscation in Android apps predominantly rely on handcrafted heuristics, engineered features, or task-spe
Full text archived locally
✦ AI Summary· Claude Sonnet
Computer Science > Software Engineering
[Submitted on 12 Jun 2026]
Evaluating LLMs for Obfuscation Detection and Classification in Android Apps
Luca Ferrari, Marco Alecci, Jordan Samhi, Tegawende' F. Bissyande', Jacques Klein, Mariano Ceccato, Luca Verderame
Android applications (apps) developers increasingly rely on code obfuscation techniques to hinder reverse engineering and protect intellectual property. However, obfuscation also reduces the effectiveness of static analysis and vulnerability detection tools, creating challenges for Android security analysis. Existing approaches for detecting obfuscation in Android apps predominantly rely on handcrafted heuristics, engineered features, or task-specific learning pipelines, which may struggle to generalize across evolving obfuscation strategies.
This paper presents a large-scale empirical study investigating the capability of Large Language Models (LLMs) to detect obfuscation in Android apps through semantic reasoning. Our study evaluates whether off-the-shelf LLMs can identify obfuscated code without relying on handcrafted rules, predefined signatures, or dedicated model training. The empirical evaluation is conducted on both a controlled benchmark containing an app obfuscated with multiple techniques and a real-world dataset of Android apps collected from Google Play. The study further examines the impact of prompt design, model selection, and decision thresholds across several open-weight and proprietary LLMs. Finally, the analysis compares LLM-based reasoning with existing SAST-based obfuscation-detection approaches and discusses the broader implications and limitations of applying LLMs to Android security analysis.
Subjects: Software Engineering (cs.SE); Cryptography and Security (cs.CR)
Cite as: arXiv:2606.14233 [cs.SE]
(or arXiv:2606.14233v1 [cs.SE] for this version)
https://doi.org/10.48550/arXiv.2606.14233
Focus to learn more
Submission history
From: Marco Alecci [view email]
[v1] Fri, 12 Jun 2026 08:14:55 UTC (2,340 KB)
Access Paper:
HTML (experimental)
view license
Current browse context:
cs.SE
< prev | next >
new | recent | 2026-06
Change to browse by:
cs
cs.CR
References & Citations
NASA ADS
Google Scholar
Semantic Scholar
Export BibTeX Citation
Bookmark
Bibliographic Tools
Bibliographic and Citation Tools
Bibliographic Explorer Toggle
Bibliographic Explorer (What is the Explorer?)
Connected Papers Toggle
Connected Papers (What is Connected Papers?)
Litmaps Toggle
Litmaps (What is Litmaps?)
scite.ai Toggle
scite Smart Citations (What are Smart Citations?)
Code, Data, Media
Demos
Related Papers
About arXivLabs
Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)