AndroLibZoo: A Reliable Dataset of Libraries Based on Software Dependency Analysis

SAMHI, Jordan; BISSYANDE, Tegawendé François d Assise; KLEIN, Jacques

doi:10.1145/3643991.3644866

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

AndroLibZoo: A Reliable Dataset of Libraries Based on Software Dependency Analysis

SAMHI, Jordan; BISSYANDE, Tegawendé François d Assise; KLEIN, Jacques

2024 • In Proceedings - 2024 IEEE/ACM 21st International Conference on Mining Software Repositories, MSR 2024

Peer reviewed Dataset

Permalink
https://hdl.handle.net/10993/62497

DOI
10.1145/3643991.3644866

arXiV
2307.12609v3

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

paper.pdf

Author postprint (679.25 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Android Libraries; Android Static Analysis; Android apps; Android library; Android static analyse; Code reuse; Dependency analysis; Large parts; New approaches; Software dependencies; Static analyzers; Third parties; Computer Science Applications; Software; Safety, Risk, Reliability and Quality; Computer Science - Software Engineering

Abstract :

[en] Android app developers extensively employ code reuse, integrating many third-party libraries into their apps. While such integration is practical for developers, it can be challenging for static analyzers to achieve scalability and precision when libraries account for a large part of the code. As a direct consequence, it is common practice in the literature to consider developer code only during static analysis -with the assumption that the sought issues are in developer code rather than the libraries. However, analysts need to distinguish between library and developer code. Currently, many static analyses rely on white lists of libraries. However, these white lists are unreliable, inaccurate, and largely non-comprehensive.In this paper, we propose a new approach to address the lack of comprehensive and automated solutions for the production of accurate and "always up to date"sets of libraries. First, we demonstrate the continued need for a white list of libraries. Second, we propose an automated approach to produce an accurate and up-to-date set of third-party libraries in the form of a dataset called AndroLibZoo. Our dataset, which we make available to the community, contains to date 34 813 libraries and is meant to evolve.

Disciplines :

Computer science

Author, co-author :

SAMHI, Jordan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

BISSYANDE, Tegawendé François d Assise ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

KLEIN, Jacques ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

External co-authors :

yes

Language :

English

Title :

AndroLibZoo: A Reliable Dataset of Libraries Based on Software Dependency Analysis

Publication date :

15 April 2024

Event name :

Proceedings of the 21st International Conference on Mining Software Repositories

Event place :

Lisbon, Prt

Event date :

15-04-2024 => 16-04-2024

Main work title :

Proceedings - 2024 IEEE/ACM 21st International Conference on Mining Software Repositories, MSR 2024

Publisher :

Institute of Electrical and Electronics Engineers Inc.

ISBN/EAN :

9798400705878

Peer reviewed :

Peer reviewed

Additional URL :

https://dl.acm.org/doi/pdf/10.1145/3643991.3644866

FnR Project :

16344458
18154263

Name of the research project :

U-AGR-7109 - C21/IS/16344458/REPROCESS/Klein - KLEIN Jacques
U-AGR-7343 - C23/IS/18154263/Unlock - KLEIN Jacques

Funders :

Association for Computing Machinery (ACM)
IEEE Computer Society
IEEE Technical Council on Software Engineering (TCSE)
Special Interest Group on Software Engineering (ACM SIGSOFT)

Funding number :

18154263; 16344458

Funding text :

This research was funded in whole, or in part, by the Luxembourg National Research Fund (FNR), grant references REPROCESS Project (16344458) and UNLOCK Project (18154263).

Data Set :

AndroLibZoo

Available on ORBilu :

since 13 November 2024

Statistics

Number of views

105 (0 by Unilu)

Number of downloads

30 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

Aafer, Y., Du, W., and Yin, H. Droidapiminer: Mining api-level features for robust malware detection in android. In Security and Privacy in Communication Networks (Cham, 2013), T. Zia, A. Zomaya, V. Varadharajan, and M. Mao, Eds., Springer International Publishing, pp. 86-103.
Allix, K., Bissyandé, T. F., Klein, J., and Le Traon, Y. Androzoo: Collecting millions of android apps for the research community. In Proceedings of the 13th International Conference on Mining Software Repositories (New York, NY, USA, 2016), MSR '16, ACM, pp. 468-471.
Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., and McDaniel, P. Flowdroid: Precise context, flow, field, objectsensitive and lifecycle-aware taint analysis for android apps. ACM SIGPLAN NOTICES 49, 6 (June 2014), 259-269.
Avdiienko, V., Kuznetsov, K., Gorla, A., Zeller, A., Arzt, S., Rasthofer, S., and Bodden, E. Mining apps for abnormal usage of sensitive data. In Proceedings of the 37th International Conference on Software Engineering - Volume 1 (2015), ICSE '15, IEEE Press, p. 426-436.
Backes, M., Bugiel, S., and Derr, E. Reliable third-party library detection in android and its security applications. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2016), CCS '16, Association for Computing Machinery, p. 356-367.
Ban, Y., Lee, S., Song, D., Cho, H., and Yi, J. H. Fam: Featuring android malware for deep learning-based familial analysis. IEEE Access 10 (2022), 20008-20018.
Bialecki, A., Muir, R., Ingersoll, G., and Imagination, L. Apache lucene 4. In SIGIR 2012 workshop on open source information retrieval (2012), p. 17.
Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Song, D., and Yin, H. Automatically Identifying Trigger-based Behavior in Malware. Springer US, Boston, MA, 2008, pp. 65-88.
Chen, K., Liu, P., and Zhang, Y. Achieving accuracy and scalability simultaneously in detecting application clones on android markets. In Proceedings of the 36th International Conference on Software Engineering (New York, NY, USA, 2014), ICSE 2014, Association for Computing Machinery, p. 175-186.
Fratantonio, Y., Bianchi, A., Robertson, W., Kirda, E., Kruegel, C., and Vigna, G. Triggerscope: Towards detecting logic bombs in android applications. In 2016 IEEE Symposium on Security and Privacy (SP) (2016), pp. 377-396.
Grace, M. C., Zhou, W., Jiang, X., and Sadeghi, A.-R. Unsafe exposure analysis of mobile in-app advertisements. In Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks (New York, NY, USA, 2012), WISEC '12, Association for Computing Machinery, p. 101-112.
Gradle. Google maven repositoryhttps://docs.gradle.org/current/userguide/ declaring_repositories.html#sub:maven_google, 2022. Accessed December 2022.
Gradle. Maven central repositoryhttps://docs.gradle.org/current/userguide/ declaring_repositories.html#sub:maven_central, 2022. Accessed December 2022.
JFrog. Jcenter, https://developer.android.com/studio/build/jcenter-migration, 2023. Accessed Apr. 2023.
Li, L., Bartel, A., Bissyandé, T. F., Klein, J., Le Traon, Y., Arzt, S., Rasthofer, S., Bodden, E., Octeau, D., and McDaniel, P. Iccta: Detecting inter-component privacy leaks in android apps. In Proceedings of the 37th International Conference on Software Engineering - Volume 1 (2015), ICSE '15, IEEE Press, p. 280-291.
Li, L., Bissyandé, T. F., Klein, J., and Le Traon, Y. An investigation into the use of common libraries in android apps. In 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER) (2016), vol. 1, pp. 403- 414.
Li, L., Bissyandé, T. F., Papadakis, M., Rasthofer, S., Bartel, A., Octeau, D., Klein, J., and Traon, L. Static analysis of android apps: A systematic literature review. Information and Software Technology 88 (2017), 67-95.
Li, L., Riom, T., Bissyandé, T. F., Wang, H., Klein, J., and Yves, L. T. Revisiting the impact of common libraries for android-related investigations. Journal of Systems and Software 154 (2019), 157-175.
Ma, Z., Wang, H., Guo, Y., and Chen, X. Libradar: Fast and accurate detection of third-party libraries in android apps. In Proceedings of the 38th International Conference on Software Engineering Companion (New York, NY, USA, 2016), ICSE '16, Association for Computing Machinery, p. 653-656.
Maintainer, F. Flowdroid's systemclasshandler class https://github.com/securesoftware- engineering/FlowDroid/blob/develop/soot-infoflow/src/soot/jimple/ infoflow/util/SystemClassHandler.java, 2023. Accessed January 2023.
Samhi, J., Bartel, A., Bissyande, T. F., and Klein, J. Raicc: Revealing atypical inter-component communication in android apps. In 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE) (Los Alamitos, CA, USA, May 2021), IEEE Computer Society, pp. 1398-1409.
Samhi, J., Gao, J., Daoudi, N., Graux, P., Hoyez, H., Sun, X., Allix, K., Bissyandé, T. F., and Klein, J. Jucify: A step towards android code unification for enhanced static analysis. In 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE) (Los Alamitos, CA, USA, May 2022), IEEE Computer Society, pp. 1232-1244.
Samhi, J., Li, L., Bissyande, T. F., and Klein, J. Difuzer: Uncovering suspicious hidden sensitive operations in android apps. In 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE) (Los Alamitos, CA, USA, May 2022), IEEE Computer Society, pp. 723-735.
Sun, X., Chen, X., Li, L., Cai, H., Grundy, J., Samhi, J., Bissyandé, T. F., and Klein, J. Demystifying hidden sensitive operations in android apps. ACM Trans. Softw. Eng. Methodol. (dec 2022). Just Accepted.
Wang, Y., Wu, H., Zhang, H., and Rountev, A. Orlis: Obfuscation-resilient library detection for android. In 2018 IEEE/ACM 5th International Conference on Mobile Software Engineering and Systems (MOBILESoft) (2018), pp. 13-23.
Wei, F., Roy, S., Ou, X., and Robby. Amandroid: A precise and general intercomponent data flow analysis framework for security vetting of android apps. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (New York, NY, USA, 2014), CCS '14, Association for Computing Machinery, p. 1329-1341.
Zhan, X., Fan, L., Liu, T., Chen, S., Li, L., Wang, H., Xu, Y., Luo, X., and Liu, Y. Automated third-party library detection for android applications: Are we there yet? In 2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE) (2020), pp. 919-930.
Zhan, X., Fan, L., Liu, T., Chen, S., Li, L., Wang, H., Xu, Y., Luo, X., and Liu, Y. Automated third-party library detection for android applications: Are we there yet? In Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering (New York, NY, USA, 2021), ASE '20, Association for Computing Machinery, p. 919-930.
Zhan, X., Liu, T., Fan, L., Li, L., Chen, S., Luo, X., and Liu, Y. Research on thirdparty libraries in android apps: A taxonomy and systematic literature review. IEEE Transactions on Software Engineering 48, 10 (2022), 4181-4213.
Zhang, Y., Dai, J., Zhang, X., Huang, S., Yang, Z., Yang, M., and Chen, H. Detecting third-party libraries in android applications with high precision and recall. In 2018 IEEE 25th International Conference on Software Analysis, Evolution and Reengineering (SANER) (2018), pp. 141-152.