DeepAI AI Chat
Log In Sign Up

iLibScope: Reliable Third-Party Library Detection for iOS Mobile Apps

by   Jingyi Guo, et al.

Vetting security impacts introduced by third-party libraries in iOS apps requires a reliable library detection technique. Especially when a new vulnerability (or a privacy-invasive behavior) was discovered in a third-party library, there is a practical need to precisely identify the existence of libraries and their versions for iOS apps. However, few studies have been proposed to tackle this problem, and they all suffer from the code duplication problem in different libraries. In this paper, we focus on third-party library detection in iOS apps. Given an app, we aim to identify the integrated libraries and pinpoint their versions (or the version range).To this end, we first conduct an in-depth study on iOS third-party libraries to demystify the code duplication challenge. By doing so, we have two key observations: 1) even though two libraries can share classes, the shared classes cannot be integrated into an app simultaneously without causing a class name conflict; and 2) code duplication between multiple versions of two libraries can vary. Based on these findings, we propose a novel profile-based similarity comparison approach to perform the detection. Specifically, we build a library database consists of original library binaries with distinct versions. After extracting profiles for each library version and the target app, we conduct a similarity comparison to find the best matches. We implemented this approach in iLibScope. We built a benchmark consists of 5,807 apps with 10,495 library integrations and applied our tool to it. Our evaluation shows that iLibScope achieves a recall exceeds 99 iLibScope to detect the presence of well-known vulnerable third-party libraries in real-world iOS mobile apps to show the promising usage of our tool. It successfully identified 405 vulnerable library usage from 4,249 apps.


page 1

page 2

page 3

page 4


Too Quiet in the Library: A Study of Native Third-Party Libraries in Android

Android applications ("apps") make avid use of third-party native librar...

A Dataset of Android Libraries

Android app developers extensively employ code reuse, integrating many t...

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

Web developers routinely rely on third-party Java-Script libraries such ...

CanaryTrap: Detecting Data Misuse by Third-Party Apps on Online Social Networks

Online social networks support a vibrant ecosystem of third-party apps t...

Collabs: Composable Collaborative Data Structures

Replicated data types (RDTs), such as Conflict-free Replicated Data Type...

JavaScript Dead Code Identification, Elimination, and Empirical Assessment

Web apps are built by using a combination of HTML, CSS, and JavaScript. ...

crypto_lib: Comparing and selecting cryptography libraries (long version of EICC 2022 publication)

Selecting a library out of numerous candidates can be a laborious and re...