Ordol: Obfuscation-Resilient Detection of Libraries in Android Applications

Abstract

Android apps often include libraries supporting certain features, or allowing rapid app development. Due to Android's system design, libraries are not easily distinguishable from the app's core code. But detecting libraries in apps is needed especially in app analysis, e.g., to determine if functionality is executed in the app, or in the code of the library.Previous approaches detected libraries in ways which are susceptible to code obfuscation. For some approaches, even simple obfuscation will cause unrecognised libraries.Our approach - Ordol - builds upon approaches from plagiarism detection to detect a specific library version inside an app in an obfuscation-resilient manner. We show that Ordol can cope well with obfuscated code and can be easily applied to real life apps.