该研究提出了一种名为LibSift的工具,用于自动检测Android应用程序中的第三方库。鉴于第三方库可能引入隐私风险和安全威胁,LibSift通过依赖关系分析来识别这些库,即使在面临常见混淆技术的情况下也能保持高准确性和有效性。实验结果显示,LibSift不仅能准确检测到流行库,还能发现一些现有方法无法检测到的不常见库。
摘要:
Android applications typically contain multiple third-party libraries and recent studies have shown that the presence of third-party libraries may introduce privacy risks and security threats. Furthermore, researchers have reported the importance of considering the third-party libraries for their program analysis tasks. A reason being that the presence of third-party libraries may dilute the features and affect the accuracy of their results. Existing literature typically employs a whitelist to exclude the third-party libraries from their analysis in order to achieve accurate results. However, these whitelists are generally incomplete and weak against the renaming obfuscation technique that is commonly employed in Android applications. In this paper, we propose LibSift, a tool to automatically detect third-party libraries in Android applications. LibSift detects third-party libraries based on package dependencies that are resilient to most common obfuscations. The evaluation results not only indicate that LibSift can detect third-party libraries accurately and effectively, but also show that LibSift can detect even the less popular libraries that are not detected by two of the state-of-the-art approaches.
展开
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
