基于聚类的安卓应用闭源第三方库识别

he third-party library in Android application is a double-edged sword, which can cause privacy leakage or introduce vulnerable code while assisting application development. This paper implements a tool called Libmonitor. Libmonitor classifies Android APIs according to their functions, uses the calling frequency of different types of APIs as features, and then divides potential third-party libraries by clustering features of a large number of applications. Finally, Libmonitor perform cluster prediction to detect third-party libraries in the application under test. This method uses fuzzy matching on feature vectors and is resistant to code removal and control flow randomization. Libmonitor is evaluated on 162 groups of obfuscated applications and 217 common applications, and compared with two existing third-party library detection tools, the F1 value of Libmonitor exceeds these two tools on both datasets. Experimental results show that Libmonitor has good performance in resisting code obfuscation and detecting closed-source third-party libraries.