Third Party Library Detection in Android Applications

Speaker/Bio

Prof. Zhang is an Assistant Professor in the Computer Science Department at BU Metropolitan College. Her past research mainly focused on system resource management. Her current research focuses on mobile security.

Abstract

Third party libraries are commonly used in Android applications. While they provide rich functionality such as advertisements and social networking services, they also bring various security problems. Effective third party library detection can help mitigate the security issues these libraries cause. In this talk, we will review two detection techniques, LibScout and LibD, both of which are resilient against common code obfuscation techniques. LibScout [1] detects third party libraries in Android applications through profile matching, and it can also pinpoint exact library versions. Its profiles are generated from class hierarchy information only and do not rely on concrete library code. LibD [2] extracts library candidates based on class reference and inheritance relationships and detects libraries using classification methods. It needs no prior knowledge about the libraries. Both techniques are evaluated on a large set of Android applications, and their experimental results will be discussed in the talk.

References

  1. Michael Backes, Sven Bugiel, and Erik Derr. 2016. Reliable Third-Party Library Detection in Android and its Security Applications. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). ACM, New York, NY, USA, 356-367. DOI: https://doi.org/10.1145/2976749.2978333
  2. Menghao Li, Wei Wang, Pei Wang, Shuai Wang, Dinghao Wu, Jian Liu, Rui Xue, and Wei Huo. 2017. LibD: Scalable and Precise Third-Party Library Detection in Android Markets. In Proceedings of the 39th International Conference on Software Engineering (ICSE '17). IEEE Press, Piscataway, NJ, USA, 335-346. DOI: https://doi.org/10.1109/ICSE.2017.38