Third-party libraries (TPLs) are widely used in mobile apps and play an essential part in the entire Android ecosystem. However, TPLs are a double-edged sword. On the one hand, they ease the development of mobile apps. On the other hand, they also bring security risks to mobile apps, such as privacy leaks or an increased attack surface (e.g., by introducing over-privileged permissions). Although there are already many studies characterizing third-party libraries, including automated detection, security and privacy analysis of TPLs, analysis of TPL attributes, etc., what strikes us as odd is that there is no systematic study summarizing these efforts. To this end, we conduct the first systematic literature review of Android TPL-related research. Following a well-defined systematic literature review protocol, we collected 74 primary research papers closely related to Android third-party libraries, published from 2012 to 2020. After carefully examining these studies, we designed a taxonomy of TPL-related research and conducted a systematic study to summarize current solutions, their limitations, open challenges, and possible implications for new research directions in third-party library analysis. We hope that these contributions give readers a clear overview of existing TPL-related studies and inspire them to go beyond the current status quo by advancing the discipline with innovative approaches.