LibSift: Automated detection of third-party libraries in android applications

Charlie Soh; Hee Beng Kuan Tan; Yauhen Leanidavich Arnatovich; Annamalai Narayanan; Lipo Wang

doi:10.1109/APSEC.2016.017

LibSift: Automated detection of third-party libraries in android applications

Charlie Soh, Hee Beng Kuan Tan, Yauhen Leanidavich Arnatovich, Annamalai Narayanan, Lipo Wang

Nanyang Technological University

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

15 Citations (Scopus)

Abstract

Android applications typically contain multiple third-party libraries and recent studies have shown that the presence of third-party libraries may introduce privacy risks and security threats. Furthermore, researchers have reported the importance of considering the third-party libraries for their program analysis tasks. A reason being that the presence of third-party libraries may dilute the features and affect the accuracy of their results. Existing literature typically employs a whitelist to exclude the third-party libraries from their analysis in order to achieve accurate results. However, these whitelists are generally incomplete and weak against the renaming obfuscation technique that is commonly employed in Android applications. In this paper, we propose LibSift, a tool to automatically detect third-party libraries in Android applications. LibSift detects third-party libraries based on package dependencies that are resilient to most common obfuscations. The evaluation results not only indicate that LibSift can detect third-party libraries accurately and effectively, but also show that LibSift can detect even the less popular libraries that are not detected by two of the state-of-the-art approaches.

Original language	English
Title of host publication	Proceedings - 23rd Asia-Pacific Software Engineering Conference, APSEC 2016
Editors	Alex Potanin, Gail C. Murphy, Steve Reeves, Jens Dietrich
Publisher	IEEE Computer Society
Pages	41-48
Number of pages	8
ISBN (Electronic)	9781509055753
DOIs	https://doi.org/10.1109/APSEC.2016.017
Publication status	Published - 2 Jul 2016
Externally published	Yes
Event	23rd Asia-Pacific Software Engineering Conference, APSEC 2016 - Hamilton, New Zealand Duration: 6 Dec 2016 → 9 Dec 2016

Publication series

Name	Proceedings - Asia-Pacific Software Engineering Conference, APSEC
Volume	0
ISSN (Print)	1530-1362

Conference

Conference	23rd Asia-Pacific Software Engineering Conference, APSEC 2016
Country/Territory	New Zealand
City	Hamilton
Period	6/12/16 → 9/12/16

Keywords

Android
Libraries
Security

Access to Document

10.1109/APSEC.2016.017

Cite this

Soh, C., Tan, H. B. K., Arnatovich, Y. L., Narayanan, A., & Wang, L. (2016). LibSift: Automated detection of third-party libraries in android applications. In A. Potanin, G. C. Murphy, S. Reeves, & J. Dietrich (Eds.), Proceedings - 23rd Asia-Pacific Software Engineering Conference, APSEC 2016 (pp. 41-48). Article 7890569 (Proceedings - Asia-Pacific Software Engineering Conference, APSEC; Vol. 0). IEEE Computer Society. https://doi.org/10.1109/APSEC.2016.017

Soh, Charlie ; Tan, Hee Beng Kuan ; Arnatovich, Yauhen Leanidavich et al. / LibSift : Automated detection of third-party libraries in android applications. Proceedings - 23rd Asia-Pacific Software Engineering Conference, APSEC 2016. editor / Alex Potanin ; Gail C. Murphy ; Steve Reeves ; Jens Dietrich. IEEE Computer Society, 2016. pp. 41-48 (Proceedings - Asia-Pacific Software Engineering Conference, APSEC).

@inproceedings{c0f007134dea4d92b39670377c74dcd8,

title = "LibSift: Automated detection of third-party libraries in android applications",

abstract = "Android applications typically contain multiple third-party libraries and recent studies have shown that the presence of third-party libraries may introduce privacy risks and security threats. Furthermore, researchers have reported the importance of considering the third-party libraries for their program analysis tasks. A reason being that the presence of third-party libraries may dilute the features and affect the accuracy of their results. Existing literature typically employs a whitelist to exclude the third-party libraries from their analysis in order to achieve accurate results. However, these whitelists are generally incomplete and weak against the renaming obfuscation technique that is commonly employed in Android applications. In this paper, we propose LibSift, a tool to automatically detect third-party libraries in Android applications. LibSift detects third-party libraries based on package dependencies that are resilient to most common obfuscations. The evaluation results not only indicate that LibSift can detect third-party libraries accurately and effectively, but also show that LibSift can detect even the less popular libraries that are not detected by two of the state-of-the-art approaches.",

keywords = "Android, Libraries, Security",

author = "Charlie Soh and Tan, {Hee Beng Kuan} and Arnatovich, {Yauhen Leanidavich} and Annamalai Narayanan and Lipo Wang",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 23rd Asia-Pacific Software Engineering Conference, APSEC 2016 ; Conference date: 06-12-2016 Through 09-12-2016",

year = "2016",

month = jul,

day = "2",

doi = "10.1109/APSEC.2016.017",

language = "English",

series = "Proceedings - Asia-Pacific Software Engineering Conference, APSEC",

publisher = "IEEE Computer Society",

pages = "41--48",

editor = "Alex Potanin and Murphy, {Gail C.} and Steve Reeves and Jens Dietrich",

booktitle = "Proceedings - 23rd Asia-Pacific Software Engineering Conference, APSEC 2016",

}

Soh, C, Tan, HBK, Arnatovich, YL, Narayanan, A & Wang, L 2016, LibSift: Automated detection of third-party libraries in android applications. in A Potanin, GC Murphy, S Reeves & J Dietrich (eds), Proceedings - 23rd Asia-Pacific Software Engineering Conference, APSEC 2016., 7890569, Proceedings - Asia-Pacific Software Engineering Conference, APSEC, vol. 0, IEEE Computer Society, pp. 41-48, 23rd Asia-Pacific Software Engineering Conference, APSEC 2016, Hamilton, New Zealand, 6/12/16. https://doi.org/10.1109/APSEC.2016.017

LibSift: Automated detection of third-party libraries in android applications. / Soh, Charlie; Tan, Hee Beng Kuan; Arnatovich, Yauhen Leanidavich et al.
Proceedings - 23rd Asia-Pacific Software Engineering Conference, APSEC 2016. ed. / Alex Potanin; Gail C. Murphy; Steve Reeves; Jens Dietrich. IEEE Computer Society, 2016. p. 41-48 7890569 (Proceedings - Asia-Pacific Software Engineering Conference, APSEC; Vol. 0).

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

TY - GEN

T1 - LibSift

T2 - 23rd Asia-Pacific Software Engineering Conference, APSEC 2016

AU - Soh, Charlie

AU - Tan, Hee Beng Kuan

AU - Arnatovich, Yauhen Leanidavich

AU - Narayanan, Annamalai

AU - Wang, Lipo

PY - 2016/7/2

Y1 - 2016/7/2

N2 - Android applications typically contain multiple third-party libraries and recent studies have shown that the presence of third-party libraries may introduce privacy risks and security threats. Furthermore, researchers have reported the importance of considering the third-party libraries for their program analysis tasks. A reason being that the presence of third-party libraries may dilute the features and affect the accuracy of their results. Existing literature typically employs a whitelist to exclude the third-party libraries from their analysis in order to achieve accurate results. However, these whitelists are generally incomplete and weak against the renaming obfuscation technique that is commonly employed in Android applications. In this paper, we propose LibSift, a tool to automatically detect third-party libraries in Android applications. LibSift detects third-party libraries based on package dependencies that are resilient to most common obfuscations. The evaluation results not only indicate that LibSift can detect third-party libraries accurately and effectively, but also show that LibSift can detect even the less popular libraries that are not detected by two of the state-of-the-art approaches.

AB - Android applications typically contain multiple third-party libraries and recent studies have shown that the presence of third-party libraries may introduce privacy risks and security threats. Furthermore, researchers have reported the importance of considering the third-party libraries for their program analysis tasks. A reason being that the presence of third-party libraries may dilute the features and affect the accuracy of their results. Existing literature typically employs a whitelist to exclude the third-party libraries from their analysis in order to achieve accurate results. However, these whitelists are generally incomplete and weak against the renaming obfuscation technique that is commonly employed in Android applications. In this paper, we propose LibSift, a tool to automatically detect third-party libraries in Android applications. LibSift detects third-party libraries based on package dependencies that are resilient to most common obfuscations. The evaluation results not only indicate that LibSift can detect third-party libraries accurately and effectively, but also show that LibSift can detect even the less popular libraries that are not detected by two of the state-of-the-art approaches.

KW - Android

KW - Libraries

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85018520124&partnerID=8YFLogxK

U2 - 10.1109/APSEC.2016.017

DO - 10.1109/APSEC.2016.017

M3 - Conference Proceeding

AN - SCOPUS:85018520124

T3 - Proceedings - Asia-Pacific Software Engineering Conference, APSEC

SP - 41

EP - 48

BT - Proceedings - 23rd Asia-Pacific Software Engineering Conference, APSEC 2016

A2 - Potanin, Alex

A2 - Murphy, Gail C.

A2 - Reeves, Steve

A2 - Dietrich, Jens

PB - IEEE Computer Society

Y2 - 6 December 2016 through 9 December 2016

ER -

Soh C, Tan HBK, Arnatovich YL, Narayanan A, Wang L. LibSift: Automated detection of third-party libraries in android applications. In Potanin A, Murphy GC, Reeves S, Dietrich J, editors, Proceedings - 23rd Asia-Pacific Software Engineering Conference, APSEC 2016. IEEE Computer Society. 2016. p. 41-48. 7890569. (Proceedings - Asia-Pacific Software Engineering Conference, APSEC). doi: 10.1109/APSEC.2016.017

LibSift: Automated detection of third-party libraries in android applications

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this