Scalable third-party libraries detection in Android markets

Android apps use Third-party Libraries (3PLs) such as advertisement, social-networking and analytics libraries for monetization and catering other developer- and user-centric services. Recent research reveals that many 3PLs (including popular ones) involve in privacy leaks and contain vulnerabilities posing serious threats to users’ security and privacy. Besides this, including 3PL code with main apps’ code in tasks such a clone and malware detection, reportedly, reduces their precision. Hence, detecting and removing/vetting such 3PLs is a useful task to multiple stakeholders including security analysts and market curators. Owing to such issues, automated detection of 3PLs evolved as an important research problem, with several methods proposed recently. To this end, we implement a recent state-of-the-art Android 3PL detection technique named WuKong [5]. It follows a semantics-based clustering approach to automatically identify 3PLs from a large corpus of 100,000 apps. Once, 3PLs are detected, we systematically evaluate the impact of removing 3PLs from an application task, namely, malware detection. To this end, we use the tool named Drebin [20] to perform effective and scalable malware detection. Through our large-scale analysis on 4,000 apps, we observe that WuKong’s 3PL detection and subsequent removal helps to improve Debin’s malware detection efficiency by 20.75% without hurting the accuracy.