An empirical study of potentially malicious third-party libraries in Android apps

Zicheng Zhang; Wenrui Diao; Chengyu Hu; Shanqing Guo; Chaoshun Zuo; Li Li

doi:10.1145/3395351.3399346

An empirical study of potentially malicious third-party libraries in Android apps

Zicheng Zhang, Wenrui Diao, Chengyu Hu, Shanqing Guo, Chaoshun Zuo, Li Li

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Other › peer-review

Abstract

The rapid development of Android apps primarily benefits from third-party libraries that provide well-encapsulated functionalities. On the other hand, more and more malicious libraries are discovered in the wild, which brings new security challenges. Despite some previous studies focusing on the malicious libraries, however, most of them only study specific types of libraries or individual cases. The security community still lacks a comprehensive understanding of potentially malicious libraries (PMLs) in the wild. In this paper, we systematically study the PMLs based on a large-scale APK dataset (over 500K samples), including extraction, identification, and comprehensive analysis. On the high-level, we conducted a two-stage study. In the first stage, to collect enough analyzing samples, we designed an automatic tool to extract libraries and identify PMLs. In the second stage, we conducted a comprehensive study of the obtained PMLs. Notably, we analyzed four representative aspects of PMLs: library repackaging, exposed behaviors, permissions, and developer connections. Several interesting facts were discovered. We believe our study will provide new knowledge of malicious libraries and help design targets defense solutions to mitigate the corresponding security risks.

Original language	English
Title of host publication	Proceedings of the 13th ACM Conference on Security and Privacy inWireless and Mobile Networks
Editors	Matthias Hollick, Wenjing Lou, Max Maaß, Yao Zheng
Place of Publication	New York NY USA
Publisher	Association for Computing Machinery (ACM)
Pages	144-154
Number of pages	11
ISBN (Electronic)	9781450380065
DOIs	https://doi.org/10.1145/3395351.3399346
Publication status	Published - 2020
Event	ACM Conference on Security and Privacy in Wireless and Mobile Networks 2020 - Virtual, Linz, Austria Duration: 8 Jul 2020 → 10 Jul 2020 Conference number: 13th http://ACM Conference on Security and Privacy in Wireless and Mobile Networks 2020 (Website) https://dl.acm.org/doi/proceedings/10.1145/3395351 (Proceedings)

Conference

Conference	ACM Conference on Security and Privacy in Wireless and Mobile Networks 2020
Abbreviated title	WiSec 2020
Country	Austria
City	Linz
Period	8/07/20 → 10/07/20
Internet address	http://ACM Conference on Security and Privacy in Wireless and Mobile Networks 2020 (Website) https://dl.acm.org/doi/proceedings/10.1145/3395351 (Proceedings)

Keywords

Android apps
malicious third-party libraries
malware

Access to Document

10.1145/3395351.3399346

Link to publication in Scopus

Cite this

Zhang, Z., Diao, W., Hu, C., Guo, S., Zuo, C., & Li, L. (2020). An empirical study of potentially malicious third-party libraries in Android apps. In M. Hollick, W. Lou, M. Maaß, & Y. Zheng (Eds.), Proceedings of the 13th ACM Conference on Security and Privacy inWireless and Mobile Networks (pp. 144-154). Association for Computing Machinery (ACM). https://doi.org/10.1145/3395351.3399346

Zhang, Zicheng ; Diao, Wenrui ; Hu, Chengyu ; Guo, Shanqing ; Zuo, Chaoshun ; Li, Li. / An empirical study of potentially malicious third-party libraries in Android apps. Proceedings of the 13th ACM Conference on Security and Privacy inWireless and Mobile Networks. editor / Matthias Hollick ; Wenjing Lou ; Max Maaß ; Yao Zheng. New York NY USA : Association for Computing Machinery (ACM), 2020. pp. 144-154

@inproceedings{dff05ee3544f475184276b94fdfbbd8c,

title = "An empirical study of potentially malicious third-party libraries in Android apps",

abstract = "The rapid development of Android apps primarily benefits from third-party libraries that provide well-encapsulated functionalities. On the other hand, more and more malicious libraries are discovered in the wild, which brings new security challenges. Despite some previous studies focusing on the malicious libraries, however, most of them only study specific types of libraries or individual cases. The security community still lacks a comprehensive understanding of potentially malicious libraries (PMLs) in the wild. In this paper, we systematically study the PMLs based on a large-scale APK dataset (over 500K samples), including extraction, identification, and comprehensive analysis. On the high-level, we conducted a two-stage study. In the first stage, to collect enough analyzing samples, we designed an automatic tool to extract libraries and identify PMLs. In the second stage, we conducted a comprehensive study of the obtained PMLs. Notably, we analyzed four representative aspects of PMLs: library repackaging, exposed behaviors, permissions, and developer connections. Several interesting facts were discovered. We believe our study will provide new knowledge of malicious libraries and help design targets defense solutions to mitigate the corresponding security risks. ",

keywords = "Android apps, malicious third-party libraries, malware",

author = "Zicheng Zhang and Wenrui Diao and Chengyu Hu and Shanqing Guo and Chaoshun Zuo and Li Li",

year = "2020",

doi = "10.1145/3395351.3399346",

language = "English",

pages = "144--154",

editor = "Hollick, {Matthias } and Lou, {Wenjing } and Maa{\ss}, {Max } and Zheng, {Yao }",

booktitle = "Proceedings of the 13th ACM Conference on Security and Privacy inWireless and Mobile Networks",

publisher = "Association for Computing Machinery (ACM)",

address = "United States of America",

note = "ACM Conference on Security and Privacy in Wireless and Mobile Networks 2020, WiSec 2020 ; Conference date: 08-07-2020 Through 10-07-2020",

url = "http://ACM Conference on Security and Privacy in Wireless and Mobile Networks 2020, https://dl.acm.org/doi/proceedings/10.1145/3395351",

}

Zhang, Z, Diao, W, Hu, C, Guo, S, Zuo, C & Li, L 2020, An empirical study of potentially malicious third-party libraries in Android apps. in M Hollick, W Lou, M Maaß & Y Zheng (eds), Proceedings of the 13th ACM Conference on Security and Privacy inWireless and Mobile Networks. Association for Computing Machinery (ACM), New York NY USA, pp. 144-154, ACM Conference on Security and Privacy in Wireless and Mobile Networks 2020, Linz, Austria, 8/07/20. https://doi.org/10.1145/3395351.3399346

An empirical study of potentially malicious third-party libraries in Android apps. / Zhang, Zicheng; Diao, Wenrui; Hu, Chengyu; Guo, Shanqing; Zuo, Chaoshun; Li, Li.

Proceedings of the 13th ACM Conference on Security and Privacy inWireless and Mobile Networks. ed. / Matthias Hollick; Wenjing Lou; Max Maaß; Yao Zheng. New York NY USA : Association for Computing Machinery (ACM), 2020. p. 144-154.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Other › peer-review

TY - GEN

T1 - An empirical study of potentially malicious third-party libraries in Android apps

AU - Zhang, Zicheng

AU - Diao, Wenrui

AU - Hu, Chengyu

AU - Guo, Shanqing

AU - Zuo, Chaoshun

AU - Li, Li

N1 - Conference code: 13th

PY - 2020

Y1 - 2020

N2 - The rapid development of Android apps primarily benefits from third-party libraries that provide well-encapsulated functionalities. On the other hand, more and more malicious libraries are discovered in the wild, which brings new security challenges. Despite some previous studies focusing on the malicious libraries, however, most of them only study specific types of libraries or individual cases. The security community still lacks a comprehensive understanding of potentially malicious libraries (PMLs) in the wild. In this paper, we systematically study the PMLs based on a large-scale APK dataset (over 500K samples), including extraction, identification, and comprehensive analysis. On the high-level, we conducted a two-stage study. In the first stage, to collect enough analyzing samples, we designed an automatic tool to extract libraries and identify PMLs. In the second stage, we conducted a comprehensive study of the obtained PMLs. Notably, we analyzed four representative aspects of PMLs: library repackaging, exposed behaviors, permissions, and developer connections. Several interesting facts were discovered. We believe our study will provide new knowledge of malicious libraries and help design targets defense solutions to mitigate the corresponding security risks.

AB - The rapid development of Android apps primarily benefits from third-party libraries that provide well-encapsulated functionalities. On the other hand, more and more malicious libraries are discovered in the wild, which brings new security challenges. Despite some previous studies focusing on the malicious libraries, however, most of them only study specific types of libraries or individual cases. The security community still lacks a comprehensive understanding of potentially malicious libraries (PMLs) in the wild. In this paper, we systematically study the PMLs based on a large-scale APK dataset (over 500K samples), including extraction, identification, and comprehensive analysis. On the high-level, we conducted a two-stage study. In the first stage, to collect enough analyzing samples, we designed an automatic tool to extract libraries and identify PMLs. In the second stage, we conducted a comprehensive study of the obtained PMLs. Notably, we analyzed four representative aspects of PMLs: library repackaging, exposed behaviors, permissions, and developer connections. Several interesting facts were discovered. We believe our study will provide new knowledge of malicious libraries and help design targets defense solutions to mitigate the corresponding security risks.

KW - Android apps

KW - malicious third-party libraries

KW - malware

UR - http://www.scopus.com/inward/record.url?scp=85091995350&partnerID=8YFLogxK

U2 - 10.1145/3395351.3399346

DO - 10.1145/3395351.3399346

M3 - Conference Paper

AN - SCOPUS:85091995350

SP - 144

EP - 154

BT - Proceedings of the 13th ACM Conference on Security and Privacy inWireless and Mobile Networks

A2 - Hollick, Matthias

A2 - Lou, Wenjing

A2 - Maaß, Max

A2 - Zheng, Yao

PB - Association for Computing Machinery (ACM)

CY - New York NY USA

T2 - ACM Conference on Security and Privacy in Wireless and Mobile Networks 2020

Y2 - 8 July 2020 through 10 July 2020

ER -

Zhang Z, Diao W, Hu C, Guo S, Zuo C, Li L. An empirical study of potentially malicious third-party libraries in Android apps. In Hollick M, Lou W, Maaß M, Zheng Y, editors, Proceedings of the 13th ACM Conference on Security and Privacy inWireless and Mobile Networks. New York NY USA: Association for Computing Machinery (ACM). 2020. p. 144-154 https://doi.org/10.1145/3395351.3399346