Options
2015
Conference Paper
Titel
Preventing library spoofing on android
Abstract
Dynamic loading of libraries is a widely used technique in Android applications. But including and executing external library code does not only have benefits, it can have severe detrimental security implications for the application and the user. In this paper we explain the mechanisms of loading external library code into an Android application and discuss resulting security implications. Since an attacker can easily impersonate libraries if the application does not perform the necessary verification, loading such code can introduce severe security problems. As a remedy, we present how external code can be verified and since currently available application often do not perform such verification, we introduce a novel way to enforce this verification.