ISSTA 2019
Mon 15 - Fri 19 July 2019 Beijing, China
Wed 17 Jul 2019 14:00 - 14:22 at Grand Ballroom - Mobile App Testing Chair(s): Xiaoyin Wang

Third-party libraries are vital components of Android apps, yet they can also introduce serious security threats and impede the accuracy and reliability of app analysis tasks, such as app clone detection. Several library detection approaches have been proposed to address these problems. However, we show these techniques are not robust against popular code obfuscators, such as ProGuard, which is now used in nearly half of all apps. We then present LibID, a library detection tool that is more resilient to code shrinking and package modification than state-of-the-art tools. We show that the library identification problem can be formulated using binary integer programming models. LibID is able to identify specific versions of third-party libraries in candidate apps through static analysis of app binaries coupled with a database of third-party libraries. We propose a novel approach to generate synthetic apps to tune the detection thresholds. Then, we use F-Droid apps as the ground truth to evaluate LibID under different obfuscation settings, which shows that LibID is more robust to code obfuscators than state-of-the-art tools. Finally, we demonstrate the utility of LibID by detecting the use of a vulnerable version of the OkHttp library in nearly 10% of the 3,958 most popular apps on the Google Play Store.

Wed 17 Jul
Times are displayed in time zone: (GMT+08:00) Beijing, Chongqing, Hong Kong, Urumqi

14:00 - 15:30: Technical Papers - Mobile App Testing at Grand Ballroom
Chair(s): Xiaoyin Wang (University of Texas at San Antonio, USA)
14:00 - 14:22 Technical Papers
Jiexin Zhang (University of Cambridge), Alastair R. Beresford (University of Cambridge, UK), Stephan A. Kollmann (University of Cambridge)
14:22 - 14:45 Technical Papers
Aman Sharma (IIT Madras), Rupesh Nasre (IIT Madras, India)
14:45 - 15:07 Technical Papers
Pingfan Kong (Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg), Li Li (Monash University, Australia), Jun Gao (University of Luxembourg, SnT), Tegawendé F. Bissyandé (SnT, University of Luxembourg), Jacques Klein (University of Luxembourg, SnT)
15:07 - 15:30 Technical Papers
Jiaqi Guo (Xi'an Jiaotong University), Shuyue Li (Xi'an Jiaotong University), Jian-Guang Lou (Microsoft Research), Zijiang Yang (Western Michigan University), Ting Liu (MOEKLINNS Lab, Department of Computer Science and Technology, Xi'an Jiaotong University, 710049, China)