LibD: Scalable and precise third-party library detection in android markets

Menghao Li, Wei Wang, Pei Wang, Shuai Wang, Dinghao Wu, Jian Liu, Rui Xue, Wei Huo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

37 Scopus citations

Abstract

With the thriving of the mobile app markets, third-party libraries are pervasively integrated in the Android applications. Third-party libraries provide functionality such as advertisements, location services, and social networking services, making multi-functional app development much more productive. However, the spread of vulnerable or harmful third-party libraries may also hurt the entire mobile ecosystem, leading to various security problems. The Android platform suffers severely from such problems due to the way its ecosystem is constructed and maintained. Therefore, third-party Android library identification has emerged as an important problem which is the basis of many security applications such as repackaging detection and malware analysis. According to our investigation, existing work on Android library detection still requires improvement in many aspects, including accuracy and obfuscation resilience. In response to these limitations, we propose a novel approach to identifying third-party Android libraries. Our method utilizes the internal code dependencies of an Android app to detect and classify library candidates. Different from most previous methods which classify detected library candidates based on similarity comparison, our method is based on feature hashing and can better handle code whose package and method names are obfuscated. Based on this approach, we have developed a prototypical tool called LibD and evaluated it with an up-to-date and large-scale dataset. Our experimental results on 1,427,395 apps show that compared to existing tools, LibD can better handle multi-package third-party libraries in the presence of name-based obfuscation, leading to significantly improved precision without the loss of scalability.

Original language: English (US)
Title of host publication: Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 335-346
Number of pages: 12
ISBN (Electronic): 9781538638682
DOI: https://doi.org/10.1109/ICSE.2017.38
State: Published - Jul 19 2017
Event: 39th IEEE/ACM International Conference on Software Engineering, ICSE 2017 - Buenos Aires, Argentina
Duration: May 20 2017 to May 28 2017

Publication series

Name: Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017

Other

Other: 39th IEEE/ACM International Conference on Software Engineering, ICSE 2017
Country: Argentina
City: Buenos Aires
Period: 5/20/17 to 5/28/17

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Software

Cite this

Li, M., Wang, W., Wang, P., Wang, S., Wu, D., Liu, J., Xue, R., & Huo, W. (2017). LibD: Scalable and precise third-party library detection in android markets. In Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017 (pp. 335-346). [7985674] (Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ICSE.2017.38