DOI: 10.1109/ICSE.2017.38
Research article

LibD: scalable and precise third-party library detection in Android markets

Published: 20 May 2017

Abstract

With the thriving of the mobile app markets, third-party libraries are pervasively integrated into Android applications. Third-party libraries provide functionality such as advertisements, location services, and social networking services, making multi-functional app development much more productive. However, the spread of vulnerable or harmful third-party libraries may also hurt the entire mobile ecosystem, leading to various security problems. The Android platform suffers severely from such problems due to the way its ecosystem is constructed and maintained. Therefore, third-party Android library identification has emerged as an important problem, one that underlies many security applications such as repackaging detection and malware analysis.
According to our investigation, existing work on Android library detection still requires improvement in many aspects, including accuracy and obfuscation resilience. In response to these limitations, we propose a novel approach to identifying third-party Android libraries. Our method uses the internal code dependencies of an Android app to detect and classify library candidates. Unlike most previous methods, which classify detected library candidates by similarity comparison, our method is based on feature hashing and can better handle code whose package and method names are obfuscated. Based on this approach, we have developed a prototype tool called LibD and evaluated it on an up-to-date, large-scale dataset. Our experimental results on 1,427,395 apps show that, compared to existing tools, LibD better handles multi-package third-party libraries in the presence of name-based obfuscation, leading to significantly improved precision without loss of scalability.
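As an added illustration (not LibD's code, and not its actual feature set), the following toy Python model shows the two ideas the abstract combines: grouping the non-app packages of an APK into multi-package library candidates by their dependency edges, then hashing name-independent features so that the signature survives package renaming. The sample app, the choice of per-method opcode sequences as the hashed feature, and the assumption that the app's own package name is known from the manifest are all constructed here.

```python
import hashlib
from collections import defaultdict

# Constructed sample app: package -> (opcode sequence per method, packages it references).
# An obfuscator rewrites the package names and the reference strings, but not the opcodes
# or the shape of the dependency graph, which is what the signature below relies on.
def make_app(rename):
    r = rename
    return {
        r("com.example.app"): ([["invoke-virtual", "move-result", "return"]], [r("com.adnet.core")]),
        r("com.adnet.core"): ([["const-string", "invoke-static", "return-void"],
                               ["iget", "if-eqz", "invoke-direct", "return-void"]], [r("com.adnet.util")]),
        r("com.adnet.util"): ([["new-instance", "invoke-direct", "return-object"]], []),
    }

ORIGINAL = make_app(lambda p: p)
# Name-based obfuscation of the library packages only; the manifest package is left alone.
OBFUSCATED = make_app(lambda p: {"com.adnet.core": "a.a", "com.adnet.util": "a.b"}.get(p, p))

def library_candidates(app, main_pkg):
    """Group the non-app packages into candidates by dependency connectivity (union-find)."""
    parent = {p: p for p in app if p != main_pkg}
    def find(p):
        while parent[p] != p:
            parent[p] = parent[parent[p]]  # path halving
            p = parent[p]
        return p
    for pkg, (_, refs) in app.items():
        if pkg == main_pkg:
            continue
        for dep in refs:
            if dep in parent:  # only edges between library packages join candidates
                parent[find(pkg)] = find(dep)
    groups = defaultdict(list)
    for p in parent:
        groups[find(p)].append(p)
    return [sorted(g) for g in groups.values()]

def feature_hash(app, candidate):
    """Name-independent signature: hash the sorted multiset of per-method opcode sequences."""
    feats = sorted(" ".join(ops) for pkg in candidate for ops in app[pkg][0])
    return hashlib.sha256("\n".join(feats).encode()).hexdigest()

def signatures(app, main_pkg="com.example.app"):
    """Map each candidate's feature hash to its member packages; hashes match across renaming."""
    return {feature_hash(app, c): c for c in library_candidates(app, main_pkg)}
```

Comparing `signatures(ORIGINAL)` with `signatures(OBFUSCATED)` gives the same hash key for the two-package ad library even though no package name is shared, which is the property a name-based matcher loses.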


Cited By

  • (2025) Obfuscation-resilient detection of Android third-party libraries using multi-scale code dependency fusion. Information Fusion 117:C. doi:10.1016/j.inffus.2024.102908. Online publication date: 1 May 2025.
  • (2024) How Does Code Optimization Impact Third-party Library Detection for Android Applications? Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pp. 1919-1931. doi:10.1145/3691620.3695554. Online publication date: 27 Oct 2024.
  • (2024) Enhancing Transparency and Accountability of TPLs with PBOM: A Privacy Bill of Materials. Proceedings of the 2024 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, pp. 1-11. doi:10.1145/3689944.3696159. Online publication date: 19 Nov 2024.


Published In

ICSE '17: Proceedings of the 39th International Conference on Software Engineering, May 2017, 816 pages. ISBN: 9781538638682.

Publisher: IEEE Press


Author tags: android, software mining, third-party library
