01.01.2021
Scalable online vetting of Android apps for measuring declared SDK versions and their consistency with API calls
Published in: Empirical Software Engineering | Issue 1/2021
Abstract
DSDK versions afterwards) in real apps, and the (in)consistency between DSDK versions and their host apps’ API calls. To successfully analyze a modern dataset of 22,687 popular apps (with an average app size of 25MB), we design a scalable approach that operates on the Android bytecode level and employs a lightweight bytecode search for app analysis. This approach achieves a good performance suitable for online vetting in app markets, requiring only around 5 seconds to process an app on average. Besides shedding light on the characteristics of DSDK in the wild, our study quantitatively measures two side effects of inappropriate DSDK versions: (i) around 35% of apps under-set the minimum DSDK versions and could incur runtime crashes, but fortunately, only 11.3% of apps could crash on Android 6.0 and above; (ii) around 2% of apps, due to under-claiming the targeted DSDK versions, are potentially exploitable by remote code execution, and half of them invoke the vulnerable API via embedded third-party libraries. These results indicate the importance and difficulty of declaring correct DSDK, and our work can help developers fulfill this goal.
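The minimum-DSDK consistency check from side effect (i), as an added example that is not the paper's tool: it reads `<uses-sdk>` from a decoded text manifest and flags API calls introduced after the declared minimum. The function names, the sample manifest, the call list and the three-entry API-level table are constructed for illustration, and the check assumes numeric SDK values and ignores runtime version guards in the app code.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed excerpt of an API-level table: method -> API level that introduced it.
API_ADDED_IN = {
    "android.webkit.WebView.evaluateJavascript": 19,
    "android.app.Activity.requestPermissions": 23,
    "android.app.NotificationManager.createNotificationChannel": 26,
}

# Constructed sample input: a manifest that declares only minSdkVersion.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-sdk android:minSdkVersion="16" />
</manifest>"""
SAMPLE_CALLS = list(API_ADDED_IN)

def declared_sdk(manifest_xml):
    """Return (min, target, max) DSDK values, applying Android's documented defaults."""
    node = ET.fromstring(manifest_xml).find("uses-sdk")
    attrs = node.attrib if node is not None else {}
    def get(name):
        value = attrs.get(ANDROID_NS + name)
        return int(value) if value is not None else None
    min_sdk = get("minSdkVersion") or 1               # absent => API level 1
    target_sdk = get("targetSdkVersion") or min_sdk   # absent => minSdkVersion
    return min_sdk, target_sdk, get("maxSdkVersion")

def under_set_min_sdk(manifest_xml, api_calls):
    """Return (call, first, last) API levels the app installs on but that lack the call."""
    min_sdk, _, max_sdk = declared_sdk(manifest_xml)
    findings = []
    for call in api_calls:
        added = API_ADDED_IN.get(call)
        if added is None or added <= min_sdk:
            continue  # unknown to the table, or available on every declared level
        last_missing = added - 1 if max_sdk is None else min(added - 1, max_sdk)
        findings.append((call, min_sdk, last_missing))
    return findings

def can_crash_at_or_above(findings, level=23):
    """Keep findings where a platform >= level (23 is Android 6.0) still lacks the API."""
    return [f for f in findings if f[2] >= level]

if __name__ == "__main__":
    for call, first, last in under_set_min_sdk(SAMPLE_MANIFEST, SAMPLE_CALLS):
        print(f"{call}: missing on API {first}-{last}")
```
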