The widespread use of third-party libraries (TPL) has brought many conveniences to Android application development, fostering the development of the Android application ecosystem. Detecting the presence of TPLs in Android applications is crucial in the Android era, as it enables the rapid identification of their usage when security vulnerabilities arise in TPL code. Android code obfuscation can significantly impact the task of detecting TPLs, especially as obfuscation methods continue to iterate. Rule-based matching methods, which are commonly used in most approaches, often struggle to adapt to new obfuscation strategies.

This paper proposes LibAttention, a feature-language-model-based Android TPL detection technique. LibAttention converts app binary code and TPL source code into Android intermediate representation Smali and extracts features that are less susceptible to obfuscation. These features are then fed into a language model to train an encoder from scratch. During the detection process, LibAttention encodes and compresses the app and TPL code representations and feeds them into downstream models for training and prediction.LibAttention is trained for third-party library detection tasks on downstream models, utilizing datasets compiled with various obfuscation modes and threshold adjustments to establish detection standards. Subsequently, detection and evaluation are conducted on the large-scale AndroZoo dataset. Its pretraining-fine-tuning model architecture eliminates the dependency on large amounts of labeled data samples.

The experimental results indicate that the detection capabilities of LibAttention are more effective compared to the baseline results, significantly mitigating the impact of the Android R8 obfuscation tool on applications. Moreover, when compared to existing rule-based Android TPL detection techniques, LibAttention demonstrates significant improvements on the Android R8 obfuscation dataset, boasting over a 30% enhancement in the F1 score.