Explore a comprehensive analysis of third-party library detection in Android applications and its security implications in this conference talk presented at CCS 2016. Delve into the challenges of app security research, library integration, and fragmentation. Learn about the creation of a library database and the process of library profiling, including profile generation and matching techniques. Examine the app and library release intervals, and understand the impact of library version fragmentation on security. Discover methods for detecting vulnerable libraries and gain insights into crypto API (in)security. Enhance your understanding of Android app security and the critical role of third-party library management in maintaining a secure mobile ecosystem.
Reliable Third-Party Library Detection in Android and its Security Applications
Association for Computing Machinery (ACM) via YouTube
Overview
Syllabus
Intro
Motivation: App Security Research
Library Integration
Status Quo?
Motivation: Library Fragmentation
Library Database
Library Profiling
(2) Profile Generation
(2) Method Hash
Profile Matching
Profile Uniqueness
App / Library Release Interval
Library Study
Library Version Fragmentation
Vulnerable Library Detection
Recap: App Security Research
Crypto API (In)security
Conclusion
Taught by
ACM CCS
