As a software developer, you can be pretty certain that, unless you put your name somewhere in your app or explicitly tell the public that you are its author, nobody will ever be able to find out that you wrote it. Yes, your compiled binaries can be decompiled and, as a result, your trade secrets can be stolen, but your identity as the author will remain safe. This is how things were until now. Not so anymore.
Artificial Intelligence researchers from several universities have collaborated to create a tool that is capable of decompiling binary files and discovering who the author is based on stylometric analysis. So, once the code is extracted from a binary, the tool can then compare it against many public code repositories, such as GitHub, and determine the author based on the coding style.
The tool's success rate varied, but it was pretty impressive. When comparing an assembly against Google Code Jam challenges, the accuracy in identifying the author was between 83 and 96%. On GitHub, the accuracy went down to as low as 50%. However, this was mainly because many repositories available there have been written by more than one author; therefore most of them had a variety of coding styles. On the other hand, developers who have a large number of solo projects on GitHub were identified with an accuracy close to 100%.
More experienced developers tended to be much easier to identify than beginners. This is because, over time, programmers tend to develop a distinct coding style, while those who are starting out tend to follow the patterns presented in various online tutorials.
So, this is good news for law enforcement agencies that are trying hard to unmask malware developers. It isn't, however, such good news for everyone else. Even if you have never written anything malicious, one of your apps might happen to violate some law in a part of the world you never thought of. This is why, if such a tool becomes widespread, some programmers might get into trouble even without participating in intentionally harmful behaviour.
So, if you are a programmer, what can you do to mitigate any risk to yourself? There are two immediate steps you can take:
1) Mix up your coding style
2) Don't put too many solo projects out in the public repositories
For more information, follow this link:
Published by Mobile Tech Tracker
Posted on 22 Mar 2018