User-Side Updating of Third-Party Libraries for Android Applications

2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW) Pub Date : 2018-11-01 DOI:10.1109/CANDARW.2018.00088

Hiroki Ogawa, Eiji Takimoto, Koichi Mouri, S. Saito

引用次数: 3

Abstract

A Third-Party Library(TPL) is often used in developing Android applications, however older TPLs may have vulnerabilities. Hence developers need to keep them in their applications the latest version. Nevertheless, there is a lot of applications using older TPLs. In this paper, we propose a new method which users enable to update TPLs in Android applications. An Android application and TPLs can be converted to smali file which is more of an assembly based language. A smali file can be replaced with another smali file on the same class. Our method takes advantage of its properties and exchanges a vulnerable TPL for an security fixed one. Moreover, we apply it to real applications and evaluate feasibility of it.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Android应用的第三方库的用户端更新

第三方库(TPL)经常用于开发Android应用程序，但是旧的TPL可能存在漏洞。因此，开发人员需要在应用程序中保持它们的最新版本。尽管如此，仍有许多应用程序使用较旧的tpl。在本文中，我们提出了一种新的方法，使用户能够在Android应用程序中更新tpl。Android应用程序和tpl可以转换成小文件，更像是一种基于汇编语言的文件。可以用同一类上的另一个小文件替换小文件。我们的方法利用了它的特性，将一个易受攻击的TPL交换为一个安全固定的TPL。并将其应用于实际应用，对其可行性进行了评价。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)

自引率

0.00%

发文量

期刊最新文献

Towards Improving Data Transfer Efficiency for Accelerators Using Hardware Compression Tile Art Image Generation Using Conditional Generative Adversarial Networks A New Higher Order Differential of FeW Non-volatile Memory Driver for Applying Automated Tiered Storage with Fast Memory and Slow Flash Storage DHT Clustering for Load Balancing Considering Blockchain Data Size