Hao-Yu WANG,Yao GUO,Zi-Ang MA,Xiang-Qun CHEN

DOI: https://doi.org/10.13328/j.cnki.jos.005221

2017-01-01

Journal of Software

Abstract:Third-Party libraries are widely used in mobile applications such as Android apps.Much research on app analysis or access control needs to detect or classify third-party libraries first in order to provide accurate results.Most previous studies use a whitelist to identify third-party libraries and manually categorize them.However,it is impossible to build a complete whitelist of third-party libraries and classify them because:(1) there are too many of them;and (2) common techniques such as library obfuscation and library masquerading cannot be handled with a whitelist.In this paper,an automated approach is proposed to detect and classify frequently-used third-party libraries in Android apps.A multi-level clustering based method is presented to identify third-party libraries,and a machine learning based technique is applied to classify the libraries.Experiments on more than 130000 apps show that 4916 third-party libraries can be detected without prior knowledge.The classification result of 10-folds cross validation on sampled libraries is 84.28％.With the trained classifier,the proposed approach is able to classify more than 75％ of the 4916 libraries into six categories with an accuracy of 75％.

Menghao Li,Pei Wang,Wei Wang,Shuai Wang,Dinghao Wu,Jian Liu,Rui Xue,Wei Huo,Wei Zou

DOI: https://doi.org/10.1109/tse.2018.2872958

IF: 7.4

2020-09-01

IEEE Transactions on Software Engineering

Abstract:With the thriving of mobile app markets, third-party libraries are pervasively used in Android applications. The libraries provide functionalities such as advertising, location, and social networking services, making app development much more productive. However, the spread of vulnerable and harmful third-party libraries can also hurt the mobile ecosystem, leading to various security problems. Therefore, third-party library identification has emerged as an important problem, being the basis of many security applications such as repackaging detection, vulnerability identification, and malware analysis. Previously, we proposed a novel approach to identifying third-party Android libraries at a massive scale. Our method uses the internal code dependencies of an app to recognize library candidates and further classify them. With a fine-grained feature hashing strategy, we can better handle code whose package and method names are obfuscated than historical work. We have developed a prototypical tool called LibD and evaluated it with an up-to-date dataset containing 1,427,395 Android apps. Our experiment results show that LibD outperforms existing tools in detecting multi-package third-party libraries with the presence of name-based obfuscation, leading to significantly improved precision without the loss of scalability. In this paper, we extend our early work by investigating the possibility of employing effective and scalable library detection to boost the performance of large-scale app analyses in the real world. We show that the technique of LibD can be used to accelerate whole-app Android vulnerability detection and quickly identify variants of vulnerable third-party libraries. This extension paper sheds light on the practical value of our previous research.

engineering, electrical & electronic,computer science, software engineering

Yongzhong He,Binghui Hu,Zhen Han

DOI: https://doi.org/10.1109/icdis.2018.00051

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:Third-party libraries are widely used in Android apps. As third-party libraries share permissions with the host apps, they are easily over-privileged and leak users' privacy without notice. Combing static third-party library detection tool and dynamic Xposed framework, we propose a fine-grained and dynamic privacy leakage analysis tool to analyze the privacy leakage behaviors of third-party libraries in real time. This paper identifies three types of privacy leakage path inside apps. We evaluate 150 popular apps, collecting 1909 privacy information related call chains. We find the third-party libraries access to privacy information account for the largest proportion, and most of third-party libraries have direct network connections and the correspondent flows are inspected to validate the privacy leakage risk. The results show that the tool can achieve real-time, fine-grained and dynamic privacy behavior analysis of Android apps.

Hua Cheng,Guang Hu,Jin Liu,Zhiwei Kang,Chao Pan,ZiJun Zhang

DOI: https://doi.org/10.1109/cac57257.2022.10054907

2022-01-01

Abstract:Third-party libraries are widely used in APP development, providing technical solutions for APP rich functions, but some third-party libraries can collect many user privacy information and cause data leakage. According to our survey, about 60% of Android applications use android packing services. Existing tools cannot effectively detect third-party libraries used in packed applications, and their analysis results of third-party library privacy leaks are not comprehensive. To overcome these limitations, we improve the traditional third- party library detection tools so that it can detect third-party libraries used in packed applications. We propose a fine-grained privacy-collecting third-party library detection framework for detecting the privacy leakage of third-party libraries in Android applications by combining Androguard, Frida and improved third-party library detection tools. Our experimental results on 300 mainstream apps show that our framework provides good support for analyzing packed applications, and our approach can detect more third-party libraries and provide a more comprehensive analysis of privacy leaks of third-party libraries than existing tools.

Xian Zhan,Tianming Liu,Lingling Fan,Li,Sen Chen,Xiapu Luo,Yang Liu

DOI: https://doi.org/10.1109/tse.2021.3114381

IF: 7.4

2022-01-01

IEEE Transactions on Software Engineering

Abstract:Third-party libraries (TPLs) have been widely used in mobile apps, which play an essential part in the entire Android ecosystem. However, TPL is a double-edged sword. On the one hand, it can ease the development of mobile apps. On the other hand, it also brings security risks such as privacy leaks or increased attack surfaces (e.g., by introducing over-privileged permissions) to mobile apps. Although there are already many studies for characterizing third-party libraries, including automated detection, security and privacy analysis of TPLs, TPL attributes analysis, etc., what strikes us odd is that there is no systematic study to summarize those studies’ endeavors. To this end, we conduct the first systematic literature review on Android TPL-related research. Following a well-defined systematic literature review protocol, we collected 74 primary research papers closely related to Android third-party library from 2012 to 2020. After carefully examining these studies, we designed a taxonomy of TPL-related research studies and conducted a systematic study to summarize current solutions, limitations, challenges and possible implications of new research directions related to third-party library analysis. We hope that these contributions can give readers a clear overview of existing TPL-related studies and inspire them to go beyond the current status quo by advancing the discipline with innovative approaches.

Xian Zhan,Tianming Liu,Lingling Fan,Li Li,Sen Chen,Xiapu Luo,Yang Liu

DOI: https://doi.org/10.48550/arXiv.2108.03787

2021-08-09

Abstract:Third-party libraries (TPLs) have been widely used in mobile apps, which play an essential part in the entire Android ecosystem. However, TPL is a double-edged sword. On the one hand, it can ease the development of mobile apps. On the other hand, it also brings security risks such as privacy leaks or increased attack surfaces (e.g., by introducing over-privileged permissions) to mobile apps. Although there are already many studies for characterizing third-party libraries, including automated detection, security and privacy analysis of TPLs, TPL attributes analysis, etc., what strikes us odd is that there is no systematic study to summarize those studies' endeavors. To this end, we conduct the first systematic literature review on Android TPL-related research. Following a well-defined systematic literature review protocol, we collected 74 primary research papers closely related to the Android third-party library from 2012 to 2020. After carefully examining these studies, we designed a taxonomy of TPL-related research studies and conducted a systematic study to summarize current solutions, limitations, challenges and possible implications of new research directions related to third-party library analysis. We hope that these contributions can give readers a clear overview of existing TPL-related studies and inspire them to go beyond the current status quo by advancing the discipline with innovative approaches.

Software Engineering

Jun Qiu,Xuewu Yang,Huamao Wu,Yajin Zhou,Jinku Li,Jianfeng Ma

DOI: https://doi.org/10.1109/tdsc.2021.3075817

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Android application (or app) developers increasingly integrate third-party libraries to enrich the functionality of their apps. However, current permission model on Android cannot constrain the behaviors of in-app third-party libraries for allowing them to operate with the same permissions as their host app. This brings serious security and privacy concerns to users. In this article, we propose LibCapsule, a user-level solution to confine third-party libraries from potential permission abuses. Compared to previous systems, LibCapsule is able to provide complete confinement of third-party libraries in Android apps, including the static Java code, dynamically loaded code and native code of third-party libraries. We have developed a prototype of LibCapsule, and collected 204 popular third-party libraries as well as 2,021 apps to evaluate it. The evaluation results indicate that LibCapsule is capable of enforcing complete and fine-grained regulation on third-party libraries according to customized security policies with a low performance overhead. To engage the whole community, we will release the dataset of third-party libraries and apps in our evaluation.

Menghao Li,Wei Wang,Pei Wang,Shuai Wang,Dinghao Wu,Jian Liu,Rui Xue,Wei Huo

DOI: https://doi.org/10.1109/ICSE.2017.38

2017-01-01

Abstract:With the thriving of the mobile app markets, third-party libraries are pervasively integrated in the Android applications. Third-party libraries provide functionality such as advertisements, location services, and social networking services, making multi-functional app development much more productive. However, the spread of vulnerable or harmful third-party libraries may also hurt the entire mobile ecosystem, leading to various security problems. The Android platform suffers severely from such problems due to the way its ecosystem is constructed and maintained. Therefore, third-party Android library identification has emerged as an important problem which is the basis of many security applications such as repackaging detection and malware analysis. According to our investigation, existing work on Android library detection still requires improvement in many aspects, including accuracy and obfuscation resilience. In response to these limitations, we propose a novel approach to identifying third-party Android libraries. Our method utilizes the internal code dependencies of an Android app to detect and classify library candidates. Different from most previous methods which classify detected library candidates based on similarity comparison, our method is based on feature hashing and can better handle code whose package and method names are obfuscated. Based on this approach, we have developed a prototypical tool called LibD and evaluated it with an update-to-date and large-scale dataset. Our experimental results on 1,427,395 apps show that compared to existing tools, LibD can better handle multi-package third-party libraries in the presence of name-based obfuscation, leading to significantly improved precision without the loss of scalability.

Xian Zhan,Lingling Fan,Tianming Liu,Sen Chen,Li,Haoyu Wang,Yifei Xu,Xiapu Luo,Yang Liu

DOI: https://doi.org/10.1145/3324884.3416582

2020-01-01

Abstract:Third-party libraries (TPLs) have become a significant part of the Android ecosystem. Developers can employ various TPLs with different functionalities to facilitate their app development. Unfortunately, the popularity of TPLs also brings new challenges and even threats. TPLs may carry malicious or vulnerable code, which can infect popular apps to pose threats to mobile users. Besides, the code of third-party libraries could constitute noises in some downstream tasks (e.g., malware and repackaged app detection). Thus, researchers have developed various tools to identify TPLs. However, no existing work has studied these TPL detection tools in detail; different tools focus on different applications with performance differences, but little is known about them. To better understand existing TPL detection tools and dissect TPL detection techniques, we conduct a comprehensive empirical study to fill the gap by evaluating and comparing all publicly available TPL detection tools based on four criteria: effectiveness, efficiency, code obfuscation-resilience capability, and ease of use. We reveal their advantages and disadvantages based on a systematic and thorough empirical study. Furthermore, we also conduct a user study to evaluate the usability of each tool. The results show that LibScout outperforms others regarding effectiveness, LibRadar takes less time than others and is also regarded as the most easy-to-use one, and LibPecker performs the best in defending against code obfuscation techniques. We further summarize the lessons learned from different perspectives, including users, tool implementation, and researchers. Besides, we enhance these open-sourced tools by fixing their limitations to improve their detection ability. We also build an extensible framework that integrates all existing available TPL detection tools, providing online service for the research community. We make publicly available the evaluation dataset and enhanced tools. We believe our work provides a clear picture of existing TPL detection techniques and also give a road-map for future directions.

Zhan Xian,Lingling Fan,Tianming Liu,Sen Chen,Li Li,Haoyu Wang,Yifei Xu,Xiapu Luo,Yang Liu

2020-01-01

Abstract:Third-party libraries (TPLs) have become a significant part of the Android ecosystem. Developers can employ various TPLs with different functionalities to facilitate their app development. Unfortunately, the popularity of TPLs also brings new challenges and even threats. TPLs may carry malicious or vulnerable code and can infect many popular apps to pose threats to mobile users. Besides, the code of third-party libraries could constitute noises in some detection tasks. Thus, researchers have developed various tools to identify TPLs. However, no existing work has studied these TPL detection tools in detail; different tools focus on different applications with performance differences, so little is known about them. To better understand existing TPL detection tools and dissect TPL detection techniques, we conduct an experience paper and attempt to fill the gap by evaluating and comparing all publicly available TPL detection tools based on four criteria: effectiveness, efficiency, code obfuscation-resilience capability, and ease of use. We reveal their advantages and disadvantages based on our empirical study. The result shows that most TPL detection tools can achieve high precision but with low recall. According to our evaluation and survey results, we recommend different tools for different application scenarios. We find that LibRadar is suitable for large-scale in-app TPL detection. LibPecker is ideal for identifying obfuscated TPLs. LibScout can identify specific library versions, which can be leveraged to find vulnerable TPLs, etc. Besides, we enhance these open-sourced tools by fixing their limitations, to improve their detection ability. We also build an extensible framework that integrates all existing available TPL detection tools, providing online service for the research community. We make publicly available the evaluation dataset and enhanced tools. We believe our work provides a clear picture of existing TPL detection techniques and also give a road-map for future directions.

Yanghua Zhang,Jice Wang,Hexiang Huang,Yuqing Zhang,Peng Liu

DOI: https://doi.org/10.1109/tbdata.2021.3093244

2021-01-01

IEEE Transactions on Big Data

Abstract:With the thriving of the Android ecosystem, codes are widely reused in Android apps in the form of third-party libraries. Recent research shows that emerging third-party libraries may introduce a lot of privacy risks and other security threats. Nevertheless, current approaches on libraries identification are far away from the demand for accuracy and efficiency. In this article, we present LibHawkeye, a new clustering-based technique to identify third-party libraries in millions of Android apps. Our approach utilizes four different kinds of dependencies inside Android apps to build intra-app dependency graphs but discards package homogeny which is heavily depended upon by most previous works. What’s more, we propose three steps of refinement to eliminate false positives in the initial result as much as possible. The experiment on 1,000 apps reports that compared to existing tools, LibHawkeye can precisely identify at least 26.5 percent more libraries. We also evaluate it with 3,987,206 Android apps published in Google Play, and the accuracy of sampled libraries from the clustering result is 93.25 percent. Results show that LibHawkeye significantly outperforms the state-of-the-art tools without loss of scalability.

Yutian Tang,Xian Zhan,Hao Zhou,Xiapu Luo,Zhou Xu,Yajin Zhou,Qiben Yan

DOI: https://doi.org/10.1109/ase.2019.00069

2019-01-01

Abstract:Since the performance issues of apps can influence users' experience, developers leverage application performance management (APM) tools to locate the potential performance bottleneck of their apps. Unfortunately, most developers do not understand how APMs monitor their apps during the runtime and whether these APMs have any limitations. In this paper, we demystify APMs by inspecting 25 widely-used APMs that target on Android apps. We first report how these APMs implement 8 key functions as well as their limitations. Then, we conduct a large-scale empirical study on 500,000 Android apps from Google Play to explore the usage of APMs. This study has some interesting observations about existing APMs for Android, including 1) some APMs still use deprecated permissions and approaches so that they may not always work properly; 2) some app developers use APMs to collect users' privacy information.

Zicheng Zhang,Wenrui Diao,Chengyu Hu,Shanqing Guo,Chaoshun Zuo,Li

DOI: https://doi.org/10.1145/3395351.3399346

2020-01-01

Abstract:The rapid development of Android apps primarily benefits from third-party libraries that provide well-encapsulated functionalities. On the other hand, more and more malicious libraries are discovered in the wild, which brings new security challenges. Despite some previous studies focusing on the malicious libraries, however, most of them only study specific types of libraries or individual cases. The security community still lacks a comprehensive understanding of potentially malicious libraries (PMLs) in the wild. In this paper, we systematically study the PMLs based on a large-scale APK dataset (over 500K samples), including extraction, identification, and comprehensive analysis. On the high-level, we conducted a two-stage study. In the first stage, to collect enough analyzing samples, we designed an automatic tool to extract libraries and identify PMLs. In the second stage, we conducted a comprehensive study of the obtained PMLs. Notably, we analyzed four representative aspects of PMLs: library repackaging, exposed behaviors, permissions, and developer connections. Several interesting facts were discovered. We believe our study will provide new knowledge of malicious libraries and help design targets defense solutions to mitigate the corresponding security risks.

Charlie Soh,Hee Beng Kuan Tan,Yauhen Leanidavich Arnatovich,Annamalai Narayanan,Lipo Wang

DOI: https://doi.org/10.1109/APSEC.2016.017

2016-01-01

Abstract:Android applications typically contain multiple third-party libraries and recent studies have shown that the presence of third-party libraries may introduce privacy risks and security threats. Furthermore, researchers have reported the importance of considering the third-party libraries for their program analysis tasks. A reason being that the presence of third-party libraries may dilute the features and affect the accuracy of their results. Existing literature typically employs a whitelist to exclude the third-party libraries from their analysis in order to achieve accurate results. However, these whitelists are generally incomplete and weak against the renaming obfuscation technique that is commonly employed in Android applications. In this paper, we propose LibSift, a tool to automatically detect third-party libraries in Android applications. LibSift detects third-party libraries based on package dependencies that are resilient to most common obfuscations. The evaluation results not only indicate that LibSift can detect third-party libraries accurately and effectively, but also show that LibSift can detect even the less popular libraries that are not detected by two of the state-of-the-art approaches.

Kaifa Zhao,Xian Zhan,Le Yu,Shiyao Zhou,Hao Zhou,Xiapu Luo,Haoyu Wang,Yepang Liu

2023-09-09

Abstract:The privacy of personal information has received significant attention in mobile software. Although previous researchers have designed some methods to identify the conflict between app behavior and privacy policies, little is known about investigating regulation requirements for third-party libraries (TPLs). The regulators enacted multiple regulations to regulate the usage of personal information for TPLs (e.g., the "California Consumer Privacy Act" requires businesses clearly notify consumers if they share consumers' data with third parties or not). However, it remains challenging to analyze the legality of TPLs due to three reasons: 1) TPLs are mainly published on public repositoriesinstead of app market (e.g., Google play). The public repositories do not perform privacy compliance analysis for each TPL. 2) TPLs only provide independent functions or function sequences. They cannot run independently, which limits the application of performing dynamic analysis. 3) Since not all the functions of TPLs are related to user privacy, we must locate the functions of TPLs that access/process personal information before performing privacy compliance analysis. To overcome the above challenges, in this paper, we propose an automated system named ATPChecker to analyze whether the Android TPLs meet privacy-related regulations or not. Our findings remind developers to be mindful of TPL usage when developing apps or writing privacy policies to avoid violating regulations.

Software Engineering,Cryptography and Security

Jingyi Guo,Min Zheng,Yajin Zhou,Haoyu Wang,Lei Wu,Xiapu Luo,Kui Ren

DOI: https://doi.org/10.48550/arXiv.2207.01837

2022-07-05

Cryptography and Security

Abstract:Vetting security impacts introduced by third-party libraries in iOS apps requires a reliable library detection technique. Especially when a new vulnerability (or a privacy-invasive behavior) was discovered in a third-party library, there is a practical need to precisely identify the existence of libraries and their versions for iOS apps. However, few studies have been proposed to tackle this problem, and they all suffer from the code duplication problem in different libraries. In this paper, we focus on third-party library detection in iOS apps. Given an app, we aim to identify the integrated libraries and pinpoint their versions (or the version range).To this end, we first conduct an in-depth study on iOS third-party libraries to demystify the code duplication challenge. By doing so, we have two key observations: 1) even though two libraries can share classes, the shared classes cannot be integrated into an app simultaneously without causing a class name conflict; and 2) code duplication between multiple versions of two libraries can vary. Based on these findings, we propose a novel profile-based similarity comparison approach to perform the detection. Specifically, we build a library database consists of original library binaries with distinct versions. After extracting profiles for each library version and the target app, we conduct a similarity comparison to find the best matches. We implemented this approach in iLibScope. We built a benchmark consists of 5,807 apps with 10,495 library integrations and applied our tool to it. Our evaluation shows that iLibScope achieves a recall exceeds 99% and a precision exceeds 97% for library detection. We also applied iLibScope to detect the presence of well-known vulnerable third-party libraries in real-world iOS mobile apps to show the promising usage of our tool. It successfully identified 405 vulnerable library usage from 4,249 apps.

Wu Zhou,Yajin Zhou,Xuxian Jiang,Peng Ning

DOI: https://doi.org/10.1145/2133601.2133640

2012-01-01

Abstract:Recent years have witnessed incredible popularity and adoption of smartphones and mobile devices, which is accompanied by large amount and wide variety of feature-rich smartphone applications. These smartphone applications (or apps), typically organized in different application marketplaces, can be conveniently browsed by mobile users and then simply clicked to install on a variety of mobile devices. In practice, besides the official marketplaces from platform vendors (e.g., Google and Apple), a number of third-party alternative marketplaces have also been created to host thousands of apps (e.g., to meet regional or localization needs). To maintain and foster a hygienic smartphone app ecosystem, there is a need for each third-party marketplace to offer quality apps to mobile users. In this paper, we perform a systematic study on six popular Android-based third-party marketplaces. Among them, we find a common "in-the-wild" practice of repackaging legitimate apps (from the official Android Market) and distributing repackaged ones via third-party marketplaces. To better understand the extent of such practice, we implement an app similarity measurement system called DroidMOSS that applies a fuzzy hashing technique to effectively localize and detect the changes from app-repackaging behavior. The experiments with DroidMOSS show a worrisome fact that 5% to 13% of apps hosted on these studied marketplaces are repackaged. Further manual investigation indicates that these repackaged apps are mainly used to replace existing in-app advertisements or embed new ones to "steal" or re-route ad revenues. We also identify a few cases with planted backdoors or malicious payloads among repackaged apps. The results call for the need of a rigorous vetting process for better regulation of third-party smartphone application marketplaces.

Xian Zhan,Tianming Liu,Yepang Liu,Yang Liu,Li Li,Haoyu Wang,Xiapu Luo

DOI: https://doi.org/10.1109/tse.2021.3115506

IF: 7.4

2021-01-01

IEEE Transactions on Software Engineering

Abstract:Third-party libraries (TPLs) have become a significant part of the Android ecosystem. Developers can employ various TPLs to facilitate their app development. Unfortunately, the popularity of TPLs also brings new security issues. For example, TPLs may carry malicious or vulnerable code, which can infect popular apps to pose threats to mobile users. Furthermore, TPL detection is essential for downstream tasks, such as vulnerabilities and malware detection. Thus, various tools have been developed to identify TPLs. However, no existing work has studied these TPL detection tools in detail, and different tools focus on different applications and techniques with performance differences. A comprehensive understanding of these tools will help us make better use of them. To this end, we conduct a comprehensive empirical study to fill the gap by evaluating and comparing all publicly available TPL detection tools based on six criteria: accuracy of TPL construction, effectiveness, efficiency, accuracy of version identification, resiliency to code obfuscation, and ease of use. Besides, we enhance these open-source tools by fixing their limitations, to improve their detection ability. Finally, we build an extensible framework that integrates all existing available TPL detection tools, providing an online service for the research community. We release the evaluation dataset and enhanced tools. According to our study, we also present the essential findings and discuss promising implications to the community; e.g., 1) Most existing TPL detection techniques more or less depend on package structure to construct in-app TPL candidates. However, using package structure as the module decoupling feature is error-prone. We hence suggest future researchers using the class dependency to substitute package structure. 2) Extracted features include richer semantic information (e.g., class dependencies) can achieve better resiliency to code obfuscation. 3) Existing tools usually have - low recall; that is because previous tools ignore some features of Android apps and TPLs, such as the compilation mechanism, the new format of TPLs, TPL dependency. Most existing tools cannot effectively find partial import TPLs, obfuscated TPLs, which directly limit their capability. 4) Existing tools are complementary to each other; we can build a better tool via combining the advantages of each tool. We believe our work provides a clear picture of existing TPL detection techniques and also gives a road-map for future research.

engineering, electrical & electronic,computer science, software engineering

Jia Zeng,Dan Han,Yaling Zhu,Yangzhong Wang,Fangchen Weng

2024-04-28

Abstract:In the current software development environment, third-party libraries play a crucial role. They provide developers with rich functionality and convenient solutions, speeding up the pace and efficiency of software development. However, with the widespread use of third-party libraries, associated security risks and potential vulnerabilities are increasingly apparent. Malicious attackers can exploit these vulnerabilities to infiltrate systems, execute unauthorized operations, or steal sensitive information, posing a severe threat to software security. Research on third-party libraries in software becomes paramount to address this growing security challenge. Numerous research findings exist regarding third-party libraries' usage, ecosystem, detection, and fortification defenses. Understanding the usage and ecosystem of third-party libraries helps developers comprehend the potential risks they bring and select trustworthy libraries. Third-party library detection tools aid developers in automatically discovering third-party libraries in software, facilitating their management. In addition to detection, fortification defenses are also indispensable. This article profoundly investigates and analyzes this literature, summarizing current research achievements and future development directions. It aims to provide practical and valuable insights for developers and researchers, jointly promoting the healthy development of software ecosystems and better-protecting software from security threats.

Software Engineering

Li,Timothee Riom,Tegawende F. Bissyande,Haoyu Wang,Jacques Klein,Le Traon Yves

DOI: https://doi.org/10.1016/j.jss.2019.04.065

IF: 3.5

2019-01-01

Journal of Systems and Software

Abstract:The packaging model of Android apps requires the entire code to be shipped into a single APK file in order to be installed and executed on a device. This model introduces noises to Android app analyses, e.g., detection of repackaged applications, malware classification, as not only the core developer code but also the other assistant code will be visited. Such assistant code is often contributed by common libraries that are used pervasively by all apps. Despite much effort has been put in our community to investigate Android libraries, the momentum of Android research has not yet produced a complete and reliable set of common libraries for supporting thorough analyses of Android apps. In this work, we hence leverage a dataset of about 1.5 million apps from Google Play to identify potential common libraries, including advertisement libraries, and their abstract representations. With several steps of refinements, we finally collect 1113 libraries supporting common functions and 240 libraries for advertisement. For each library, we also collected its various abstract representations that could be leveraged to find new usages, including obfuscated cases. Based on these datasets, we further empirically revisit three popular Android app analyses, namely (1) repackaged app detection, (2) machine learning-based malware detection, and (3) static code analysis, aiming at measuring the impact of common libraries on their analysing performance. Our experimental results demonstrate that common library can indeed impact the performance of Android app analysis approaches. Indeed, common libraries can introduce both false positive and false negative results to repackaged app detection approaches. The existence of common libraries in Android apps may also impact the performance of machine learning-based classifications as well as that of static code analysers. All in all, the aforementioned results suggest that it is essential to harvest a reliable list of common libraries and also important to pay special attention to them when conducting Android-related investigations. (C) 2019 Elsevier Inc. All rights reserved.