Detecting Third-Party Libraries in Android Applications at Runtime

Context

Nowadays, we built software that includes third-party libraries to speed up the development process. However, these libraries can introduce security vulnerabilities into the software. Therefore, it is essential to detect the third-party libraries in the software to analyze their security implications.

Motivation

The detection of third-party libraries in software is essential to analyze the security implications of these libraries. However, the detection of third-party libraries in software is challenging because the libraries are often obfuscated. Therefore, it is essential to develop a technique to detect third-party libraries in software at runtime.

Goal

What do we want to achieve?

• Develop a technique to detect third-party libraries in Android applications at runtime.

What do we want the student to deliver?

• An analysis of existing third-party library detection methods.
• A tool that detects third-party libraries in Android applications at runtime.

Requirements

What do we want the student to bring to the project?

• Programming skills in Python and Java
• Basic Knowledge about Machine Learning or Code Similarity
• Interest for Mobile Software Engineering
• Interest in Reverse Engineering and Dynamic Code Analysis

Pointers

What resources and other related work could help the student to work on this project?

•  Automated third-party library detection for Android applications: are we there yet?
•  ATVHunter
•  Research on Third-Party Libraries in Android Apps: A Taxonomy and Systematic Literature Review
•  DexRay
•  DexBert