Android应用的第三方库的用户端更新

2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW) Pub Date : 2018-11-01 DOI:10.1109/CANDARW.2018.00088

Hiroki Ogawa, Eiji Takimoto, Koichi Mouri, S. Saito

{"title":"Android应用的第三方库的用户端更新","authors":"Hiroki Ogawa, Eiji Takimoto, Koichi Mouri, S. Saito","doi":"10.1109/CANDARW.2018.00088","DOIUrl":null,"url":null,"abstract":"A Third-Party Library(TPL) is often used in developing Android applications, however older TPLs may have vulnerabilities. Hence developers need to keep them in their applications the latest version. Nevertheless, there is a lot of applications using older TPLs. In this paper, we propose a new method which users enable to update TPLs in Android applications. An Android application and TPLs can be converted to smali file which is more of an assembly based language. A smali file can be replaced with another smali file on the same class. Our method takes advantage of its properties and exchanges a vulnerable TPL for an security fixed one. Moreover, we apply it to real applications and evaluate feasibility of it.","PeriodicalId":329439,"journal":{"name":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","volume":"104 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"User-Side Updating of Third-Party Libraries for Android Applications\",\"authors\":\"Hiroki Ogawa, Eiji Takimoto, Koichi Mouri, S. Saito\",\"doi\":\"10.1109/CANDARW.2018.00088\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A Third-Party Library(TPL) is often used in developing Android applications, however older TPLs may have vulnerabilities. Hence developers need to keep them in their applications the latest version. Nevertheless, there is a lot of applications using older TPLs. In this paper, we propose a new method which users enable to update TPLs in Android applications. An Android application and TPLs can be converted to smali file which is more of an assembly based language. A smali file can be replaced with another smali file on the same class. Our method takes advantage of its properties and exchanges a vulnerable TPL for an security fixed one. Moreover, we apply it to real applications and evaluate feasibility of it.\",\"PeriodicalId\":329439,\"journal\":{\"name\":\"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)\",\"volume\":\"104 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CANDARW.2018.00088\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CANDARW.2018.00088","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

第三方库(TPL)经常用于开发Android应用程序，但是旧的TPL可能存在漏洞。因此，开发人员需要在应用程序中保持它们的最新版本。尽管如此，仍有许多应用程序使用较旧的tpl。在本文中，我们提出了一种新的方法，使用户能够在Android应用程序中更新tpl。Android应用程序和tpl可以转换成小文件，更像是一种基于汇编语言的文件。可以用同一类上的另一个小文件替换小文件。我们的方法利用了它的特性，将一个易受攻击的TPL交换为一个安全固定的TPL。并将其应用于实际应用，对其可行性进行了评价。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

User-Side Updating of Third-Party Libraries for Android Applications

A Third-Party Library(TPL) is often used in developing Android applications, however older TPLs may have vulnerabilities. Hence developers need to keep them in their applications the latest version. Nevertheless, there is a lot of applications using older TPLs. In this paper, we propose a new method which users enable to update TPLs in Android applications. An Android application and TPLs can be converted to smali file which is more of an assembly based language. A smali file can be replaced with another smali file on the same class. Our method takes advantage of its properties and exchanges a vulnerable TPL for an security fixed one. Moreover, we apply it to real applications and evaluate feasibility of it.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)

自引率

0.00%

发文量

期刊最新文献

Towards Improving Data Transfer Efficiency for Accelerators Using Hardware Compression Tile Art Image Generation Using Conditional Generative Adversarial Networks A New Higher Order Differential of FeW Non-volatile Memory Driver for Applying Automated Tiered Storage with Fast Memory and Slow Flash Storage DHT Clustering for Load Balancing Considering Blockchain Data Size