YoVDO

The Impact of Third-party Code on Android App Security

Offered By: USENIX Enigma Conference via YouTube

Tags

Android Security Courses USENIX Enigma Conference Courses Vulnerability Analysis Courses Code Obfuscation Courses

Course Description

Overview

Explore the impact of third-party code on Android app security in this 19-minute conference talk from USENIX Enigma 2018. Delve into the challenges of detecting third-party libraries in Android applications, especially when faced with code obfuscation and minification techniques. Learn about a novel library detection approach that can pinpoint exact library versions, and discover the implications of outdated libraries on app vulnerability. Examine the slow adoption of new library versions by app developers and the persistence of known security vulnerabilities in popular libraries. Investigate the potential for automatic patching of vulnerable versions and consider the obstacles to improving the current security landscape in Android app development. Gain valuable insights into the double-edged nature of third-party libraries, balancing code reuse benefits against increased attack surface risks.

Syllabus

Intro
Third-party Code - A Double-edged Sword
Risk Estimation
Quantify Security Impact
Detection Challenges on Android
Common Analysis Approach
Code Structure Detection
Profiling Apps & Libraries
Method Hashing
Profile Matching
Measuring Library Outdatedness
Vulnerability Lifetime
Call for Action
Takeaways


Taught by

USENIX Enigma Conference

Related Courses

Unlocking Information Security II: An Internet Perspective
Tel Aviv University via edX
Cybersecurity Capstone: Breach Response Case Studies
IBM via Coursera
Complete Ethical Hacking Bootcamp
Udemy
Cyber Security Advanced Persistent Threat Defender Preview
Udemy
Performing Threat Modeling with the PASTA Methodology
Pluralsight