ABSTRACT
We present LibKit, the first approach and tool for detecting the name and version of third-party libraries (TPLs) present in iOS apps. LibKit automatically builds fingerprints for 86K library versions available through the CocoaPods dependency manager and matches them against the decrypted app executables to identify the TPLs (name and version) an iOS app uses. LibKit supports apps written in Swift and Objective-C, detects both statically and dynamically linked libraries, and addresses challenges such as partially included libraries and the variants of the same library version produced by different compiler versions and configurations. On a ground truth of 95 open-source apps, LibKit identifies libraries with a precision of 0.911 and a recall of 0.839. LibKit also significantly outperforms the state-of-the-art CRiOS tool at identifying TPL boundaries. When applied to 1,500 apps from the iTunes Store, LibKit detects 47,015 library versions, identifying popular apps that contain outdated library versions.