Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The Impact of Third-party Code on Android App Security

USENIX Enigma Conference via YouTube

Overview

Explore the impact of third-party code on Android app security in this 19-minute conference talk from USENIX Enigma 2018. Delve into the challenges of detecting third-party libraries in Android applications, especially when faced with code obfuscation and minification techniques. Learn about a novel library detection approach that can pinpoint exact library versions, and discover the implications of outdated libraries on app vulnerability. Examine the slow adoption of new library versions by app developers and the persistence of known security vulnerabilities in popular libraries. Investigate the potential for automatic patching of vulnerable versions and consider the obstacles to improving the current security landscape in Android app development. Gain valuable insights into the double-edged nature of third-party libraries, balancing code reuse benefits against increased attack surface risks.

Syllabus

Intro
Third-party Code - A Double-edged Sword
Risk Estimation
Quantify Security Impact
Detection Challenges on Android
Common Analysis Approach
Code Structure Detection
Profiling Apps & Libraries
Method Hashing
Profile Matching
Measuring Library Outdatedness
Vulnerability Lifetime
Call for Action
Takeaways

Taught by

USENIX Enigma Conference

Reviews

Start your review of The Impact of Third-party Code on Android App Security

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.