Scalable Online Vetting of Android Apps for Measuring Declared SDK Versions and Their Consistency with API Calls

12/30/2019
by   Daoyuan Wu, et al.

Android has been the most popular smartphone system, with multiple platform versions active in the market. To manage an application's compatibility with one or more platform versions, Android allows apps to declare the supported platform SDK versions in their manifest files. In this paper, we conduct a systematic study of this modern software mechanism. Our objective is to measure the current practice of declared SDK versions (which we term DSDK versions hereafter) in real apps, and the (in)consistency between DSDK versions and their host apps' API calls. To successfully analyze a modern dataset of 22,687 popular apps (with an average app size of 25MB), we design a scalable approach that operates on the Android bytecode level and employs a lightweight bytecode search for app analysis. This approach achieves good performance suitable for online vetting in app markets, requiring only around 5 seconds to process an app on average. Besides shedding light on the characteristics of DSDK in the wild, our study quantitatively measures two side effects of inappropriate DSDK versions: (i) around 50 incur runtime crashes, but fortunately, only 11.3 6.0 and above; (ii) around 2 versions, are potentially exploitable by remote code execution, and half of them invoke the vulnerable API via embedded third-party libraries. These results indicate the importance and difficulty of declaring correct DSDK, and our work can help developers fulfill this goal.
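The DSDK-versus-API-call consistency check described in the abstract can be sketched as follows. This is an added example, not the authors' tool: it assumes a manifest already decoded to plain XML and a caller-supplied map of invoked framework methods to the API level that introduced them (the names `parse_dsdk` and `check_consistency` and the sample data are hypothetical), and it does not model calls guarded by a runtime SDK-version check.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded (plain-text) AndroidManifest.xml.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="26"/>
</manifest>"""

# Constructed sample: framework methods found in the app's bytecode, mapped to
# the API level that introduced them (levels per the Android API reference).
SAMPLE_CALLS = {
    "android.app.Activity.requestPermissions": 23,
    "android.webkit.WebView.evaluateJavascript": 19,
    "android.app.Activity.onCreate": 1,
}

def parse_dsdk(manifest_xml):
    """Return (min, target, max) DSDK with the platform defaults applied."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}

    def level(name):
        raw = attrs.get(ANDROID_NS + name)
        # Non-numeric values (e.g. preview codenames) are treated as undeclared.
        return int(raw) if raw is not None and raw.isdigit() else None

    min_sdk = level("minSdkVersion") or 1           # undeclared -> 1
    target = level("targetSdkVersion") or min_sdk   # undeclared -> minSdkVersion
    return min_sdk, target, level("maxSdkVersion")  # max is None if undeclared

def check_consistency(manifest_xml, calls):
    """Flag API calls that the declared SDK range does not cover."""
    min_sdk, _target, max_sdk = parse_dsdk(manifest_xml)
    findings = []
    for api, added in sorted(calls.items()):
        if added > min_sdk:
            # Devices from min_sdk up to added-1 lack this API: possible crash.
            findings.append(("min-too-low", api, added, min_sdk))
        if max_sdk is not None and added > max_sdk:
            # No device allowed by maxSdkVersion ever provides this API.
            findings.append(("above-max", api, added, max_sdk))
    return findings

if __name__ == "__main__":
    for finding in check_consistency(SAMPLE_MANIFEST, SAMPLE_CALLS):
        print(finding)
```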
