In this talk, I explore Runtime Resource Overlay (RRO), an often overlooked yet powerful mechanism in the Android operating system that allows applications to dynamically modify their own resources — as well as those of other apps — at runtime without recompilation. I analyze the significant potential RRO holds for safeguarding application resources, for example by storing data in encrypted form and decrypting it on the fly. This dynamic resource substitution drastically complicates reverse-engineering efforts, making mobile apps far more resilient to analysis.

Furthermore, I demonstrate several Android OS vulnerabilities and undocumented behaviors that can be exploited to restrict app installations on specific devices or even silently uninstall applications without any user interaction.