
Identify and Inspect Libraries in Android Applications

Wireless Personal Communications

Abstract

Libraries may become a liability for users' security. Existing studies show that libraries can be exploited to propagate malware: hackers use fake or modified libraries to execute malicious behaviours. Vetting library instances in applications is therefore desirable, but it is impeded by the absence of robust library detection and library vetting methods. This paper proposes a hybrid library detection method that combines a name-based method and a feature-based method to identify library instances in applications; it can resist simple identifier renaming. Furthermore, this paper proposes an abnormal library detection method that uses frequent patterns to measure the degree of normality of library instances. In contrast to existing methods, the abnormal library detection method does not rely on original library files. A ground truth dataset consisting of 177 malicious applications with abnormal library instances and 81,317 benign apps is used to demonstrate the effectiveness of the proposed approaches. Experimental results show that the approaches can precisely detect library instances and effectively reduce the cost of abnormal library detection.



Acknowledgements

This work is supported by the National Key Research and Development Program of China (No. 2016YFB0800402), National Natural Science Foundation of China under Grants 61572221, U1401258, 61433006, 61300222, 61370230 and 61173170, Innovation Fund of Huazhong University of Science and Technology under grants 2015TS069 and 2015TS071, Science and Technology Support Program of Hubei Province under Grant 2015AAA013 and 2014BCH270, and Science and Technology Program of Guangdong Province under Grant 2014B010111007.

Author information


Corresponding author

Correspondence to Ruixuan Li.


About this article


Cite this article

Han, H., Li, R. & Tang, J. Identify and Inspect Libraries in Android Applications. Wireless Pers Commun 103, 491–503 (2018). https://doi.org/10.1007/s11277-018-5456-4


  • DOI: https://doi.org/10.1007/s11277-018-5456-4
