An empirical study of potentially malicious third-party libraries in Android apps

Zicheng Zhang, Wenrui Diao, Chengyu Hu, Shanqing Guo, Chaoshun Zuo, Li Li

Research output: Chapter in Book/Report/Conference proceedingConference PaperOtherpeer-review

4 Citations (Scopus)


The rapid development of Android apps primarily benefits from third-party libraries that provide well-encapsulated functionalities. On the other hand, more and more malicious libraries are discovered in the wild, which brings new security challenges. Despite some previous studies focusing on the malicious libraries, however, most of them only study specific types of libraries or individual cases. The security community still lacks a comprehensive understanding of potentially malicious libraries (PMLs) in the wild. In this paper, we systematically study the PMLs based on a large-scale APK dataset (over 500K samples), including extraction, identification, and comprehensive analysis. On the high-level, we conducted a two-stage study. In the first stage, to collect enough analyzing samples, we designed an automatic tool to extract libraries and identify PMLs. In the second stage, we conducted a comprehensive study of the obtained PMLs. Notably, we analyzed four representative aspects of PMLs: library repackaging, exposed behaviors, permissions, and developer connections. Several interesting facts were discovered. We believe our study will provide new knowledge of malicious libraries and help design targets defense solutions to mitigate the corresponding security risks.

Original languageEnglish
Title of host publicationProceedings of the 13th ACM Conference on Security and Privacy inWireless and Mobile Networks
EditorsMatthias Hollick, Wenjing Lou, Max Maaß, Yao Zheng
Place of PublicationNew York NY USA
PublisherAssociation for Computing Machinery (ACM)
Number of pages11
ISBN (Electronic)9781450380065
Publication statusPublished - 2020
EventACM Conference on Security and Privacy in Wireless and Mobile Networks 2020 - Virtual, Linz, Austria
Duration: 8 Jul 202010 Jul 2020
Conference number: 13th
http://ACM Conference on Security and Privacy in Wireless and Mobile Networks 2020 (Website) (Proceedings)


ConferenceACM Conference on Security and Privacy in Wireless and Mobile Networks 2020
Abbreviated titleWiSec 2020
Internet address


  • Android apps
  • malicious third-party libraries
  • malware

Cite this