SoProtector: Securing Native C/C++ Libraries for Mobile Applications

  • Ning Zhang
  • Guangquan XuEmail author
  • Guozhu Meng
  • Xi Zheng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11336)


Java code is easy to be decompiled, and third-party SO files are used frequently by developers to improve development efficiency. Therefore, more and more core functions of Android applications are implemented in the native layer. However, there is neither comprehensive security research work nor automated security analysis tools on Android native layer, especially for third-party SO files that are dynamically loaded within the applications. To solve this problem, SoProtector, a novel and effective system is proposed to defend against the privacy leaks, which mainly analyzes the data stream between two levels: application and Native layers. In addition, SoProtector includes a real-time monitor to detect malicious functions in binary code. Our evaluation using 3400 applications has demonstrated that SoProtector can detect more sources, sinks and smudges than most static analysis tools; And it detects and effectively blocks more than 82% of applications that dynamically load malicious third-party SO files with low performance overhead.


Mobile security Mobile privacy Native C/C++ libraries Android 



This work has been partially sponsored by the National Key R&D Program of China (No. 2017YFE0111900), the National Science Foundation of China (No. 61572355, U1736115), the Tianjin Research Program of Application Foundation and Advanced Technology (No. 15JCYBJC15700), and the Fundamental Research of Xinjiang Corps (No. 2016AC015).


  1. 1.
  2. 2.
  3. 3.
    Gibler, C., Crussell, J., Erickson, J., Chen, H.: AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale. In: Katzenbeisser, S., Weippl, E., Camp, L.Jean, Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 291–307. Springer, Heidelberg (2012). Scholar
  4. 4.
  5. 5.
    Symantec index. Scholar
  6. 6.
  7. 7.
  8. 8.
  9. 9.
    Liu, Z.: Verifiable searchable encryption with aggregate keys for data sharing system. Future Gener. Comput. Syst. 78, 778–788 (2018)CrossRefGoogle Scholar
  10. 10.
    Enck, W.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst., 2–32 (2014)Google Scholar
  11. 11.
    Hornyack, P.: These aren’t the droids you are looking for: retrofitting Android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 639–652 (2011)Google Scholar
  12. 12.
    Arzt, S.: Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. ACM SIGPLAN Not. 49, 259–269 (2014)CrossRefGoogle Scholar
  13. 13.
    Chen, X.: N-Mobishare: new privacy-perserving location-sharing system for mobile online social networks. Int. J. Comput. Math. 93, 384–400 (2018)Google Scholar
  14. 14.
    Li, T.: CDFS: a cryptographic data publishing system. J. Comput. Syst. Sci., 80–91 (2018)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Fischer, F.: Stack overflow considered harmful? the impact of copy & paste on android application security. In: IEEE Symposium on Security and Privacy (SP), pp. 121–136 (2017)Google Scholar
  16. 16.
    Xu, D.: Cryptographic function detection in obfuscated binaries via bit-precise symbolic loop mapping. In: IEEE Symposium on Security and Privacy (SP), pp. 921–937 (2017)Google Scholar
  17. 17.
    Eschweiler, S.: Efficient cross-architecture identification of bugs in binary code. In: The Network and Distributed System Security Symposium (2016)Google Scholar
  18. 18.
    Pewny, J.: Cross-architecture bug search in binary executables. In: IEEE Symposium on Security and Privacy, pp. 709–724 (2015)Google Scholar
  19. 19.
    Feng, Q.: Scalable graph-based bug search for firmware images. In: ACM SIGSAC Conference on Computer and Communications Security, pp. 480–491 (2016)Google Scholar
  20. 20.
    Geoffrey, H.: Deep learning. Nature 521, 436–444 (2015)CrossRefGoogle Scholar
  21. 21.
    Richard, S.: Recognizing functions in binaries with neural networks. In: USENIX Security, pp. 611–626 (2015)Google Scholar
  22. 22.
    Xiao, J.: Neural network-based graph embedding for cross-platform binary code similarity detection. In: ACM Conference on Computer and Communications Security, pp. 435–446 (2017)Google Scholar
  23. 23.
    Wang, H.: A secure, usable, and transparent middleware for permission managers on Android. In: IEEE Transactions on Dependable and Secure Computing, pp. 350–362 (2017)CrossRefGoogle Scholar
  24. 24.
    Wandoujia Store Index.
  25. 25.
    VirusShare Index.
  26. 26.
    Krupp, B.: SPE: security and privacy enhancement framework for mobile devices. IEEE Trans. Dependable Sec. Comput. 14, 433–446 (2017)CrossRefGoogle Scholar
  27. 27.
    Saracino, A.: MADAM: effective and efficient behavior-based android malware detection and prevention. IEEE Trans. Dependable Sec. Comput. 15, 83–97 (2018)CrossRefGoogle Scholar
  28. 28.
    Tongxin, L.: Unleashing the walking dead: understanding cross-app remote infections on mobile WebViews. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 829–844 (2017)Google Scholar
  29. 29.
    Paranthaman, R.: Malware collection and analysis. In: 2017 IEEE International Conference on Information Reuse and Integration, pp. 26–31 (2017)Google Scholar
  30. 30.
    Files Websites index.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Ning Zhang
    • 1
  • Guangquan Xu
    • 1
    Email author
  • Guozhu Meng
    • 2
  • Xi Zheng
    • 3
  1. 1.Tianjin Key Laboratory of Advanced Networking (TANK), School of Computer Science and TechnologyTianjin UniversityTianjinChina
  2. 2.Nanyang Technological UniversitySingaporeSingapore
  3. 3.Department of ComputingMacquarie UniversitySydneyAustralia

Personalised recommendations