Proceedings of the Nineteenth International Conference on Computational Intelligence and Security (CIS 2023)
December 1 – 4, 2023, Haikou, China

Research on Third-Party Library Detection in Mobile Applications: A Systematic Literature Overview

Han Dan1,a, Zeng Jia1,b, Zhu Yaling1,c, Weng Fangchen1,d and Zhang Yuqing1,2,e

1College of Cyberspace Security, Hainan University, China.

2National Computer Network Intrusion Protection Center (University of Chinese Academy of Sciences), China; School of Cyber Engineering, Xidian University, China

ABSTRACT

Mobile applications commonly use Third-Party Libraries (TPLs) to reuse functionality and improve development efficiency. However, the reuse of unsafe third-party libraries poses a threat to the privacy and security of downstream users within the software supply chain. In recent years, TPL detection technology has addressed existing issues but has also encountered novel challenges in the process. Therefore, it is necessary to conduct a comprehensive review of recent research work. In this paper, we first classify the latest papers from recent years. Subsequently, we closely examine various TPL detection technologies by following the TPL detection process, including the analysis of data processing, library instance recovery, feature extraction, and TPL identification, to explore their advantages and disadvantages. Finally, we provide a prospective analysis of the challenges facing TPL detection technology. Based on these observations, we hope to contribute research insights for the future development of TPL detection technology in mobile applications.

Keywords: Third-party library, Library instance recovery, Feature extraction, Library detection, Mobile applications, Anti-obfuscation analysis.


