Abstract
The rapid development of Android apps primarily benefits from third-party libraries that provide well-encapsulated functionalities. On the other hand, more and more malicious libraries are being discovered in the wild, which brings new security challenges. Although some previous studies have focused on malicious libraries, most of them only study specific types of libraries or individual cases. The security community still lacks a comprehensive understanding of potentially malicious libraries (PMLs) in the wild. In this paper, we systematically study PMLs based on a large-scale APK dataset (over 500K samples), including extraction, identification, and comprehensive analysis. At a high level, we conducted a two-stage study. In the first stage, to collect enough samples for analysis, we designed an automatic tool to extract libraries and identify PMLs. In the second stage, we conducted a comprehensive study of the obtained PMLs. Notably, we analyzed four representative aspects of PMLs: library repackaging, exposed behaviors, permissions, and developer connections. Several interesting facts were discovered. We believe our study will provide new knowledge of malicious libraries and help design targeted defense solutions to mitigate the corresponding security risks.
Original language | English |
---|---|
Title of host publication | Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks |
Editors | Matthias Hollick, Wenjing Lou, Max Maaß, Yao Zheng |
Place of Publication | New York NY USA |
Publisher | Association for Computing Machinery (ACM) |
Pages | 144-154 |
Number of pages | 11 |
ISBN (Electronic) | 9781450380065 |
DOIs | |
Publication status | Published - 2020 |
Event | ACM Conference on Security and Privacy in Wireless and Mobile Networks 2020 - Virtual, Linz, Austria. Duration: 8 Jul 2020 → 10 Jul 2020. Conference number: 13th. Proceedings: https://dl.acm.org/doi/proceedings/10.1145/3395351 |
Conference
Conference | ACM Conference on Security and Privacy in Wireless and Mobile Networks 2020 |
---|---|
Abbreviated title | WiSec 2020 |
Country/Territory | Austria |
City | Linz |
Period | 8/07/20 → 10/07/20 |
Internet address |
Keywords
- Android apps
- malicious third-party libraries
- malware