TY - GEN
T1 - An empirical study of potentially malicious third-party libraries in Android apps
AU - Zhang, Zicheng
AU - Diao, Wenrui
AU - Hu, Chengyu
AU - Guo, Shanqing
AU - Zuo, Chaoshun
AU - Li, Li
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/7/8
Y1 - 2020/7/8
N2 - The rapid development of Android apps primarily benefits from third-party libraries that provide well-encapsulated functionalities. On the other hand, more and more malicious libraries are discovered in the wild, which brings new security challenges. Despite some previous studies focusing on the malicious libraries, however, most of them only study specific types of libraries or individual cases. The security community still lacks a comprehensive understanding of potentially malicious libraries (PMLs) in the wild. In this paper, we systematically study the PMLs based on a large-scale APK dataset (over 500K samples), including extraction, identification, and comprehensive analysis. On the high-level, we conducted a two-stage study. In the first stage, to collect enough analyzing samples, we designed an automatic tool to extract libraries and identify PMLs. In the second stage, we conducted a comprehensive study of the obtained PMLs. Notably, we analyzed four representative aspects of PMLs: library repackaging, exposed behaviors, permissions, and developer connections. Several interesting facts were discovered. We believe our study will provide new knowledge of malicious libraries and help design targets defense solutions to mitigate the corresponding security risks.
AB - The rapid development of Android apps primarily benefits from third-party libraries that provide well-encapsulated functionalities. On the other hand, more and more malicious libraries are discovered in the wild, which brings new security challenges. Despite some previous studies focusing on the malicious libraries, however, most of them only study specific types of libraries or individual cases. The security community still lacks a comprehensive understanding of potentially malicious libraries (PMLs) in the wild. In this paper, we systematically study the PMLs based on a large-scale APK dataset (over 500K samples), including extraction, identification, and comprehensive analysis. On the high-level, we conducted a two-stage study. In the first stage, to collect enough analyzing samples, we designed an automatic tool to extract libraries and identify PMLs. In the second stage, we conducted a comprehensive study of the obtained PMLs. Notably, we analyzed four representative aspects of PMLs: library repackaging, exposed behaviors, permissions, and developer connections. Several interesting facts were discovered. We believe our study will provide new knowledge of malicious libraries and help design targets defense solutions to mitigate the corresponding security risks.
KW - Android apps
KW - malicious third-party libraries
KW - malware
UR - https://www.scopus.com/pages/publications/85091995350
U2 - 10.1145/3395351.3399346
DO - 10.1145/3395351.3399346
M3 - 会议稿件
AN - SCOPUS:85091995350
T3 - WiSec 2020 - Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks
SP - 144
EP - 154
BT - WiSec 2020 - Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks
PB - Association for Computing Machinery
T2 - 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2020
Y2 - 8 July 2020 through 10 July 2020
ER -