DroidNative: A Greedy-Constructed Large-Scale Indexing for Android Native Libraries

Native libraries are widely used in Android for performance optimization, but their integration also poses security risks. Although existing research works have investigated the adoption, management, and ecosystem evolution of third-party libraries (TPLs) in Android, studies specific to Android native libraries are still rare, which makes the potential threats of native libraries in Android less concerned. The biggest barrier is that, Android native libraries are usually provided by various suppliers in different ways and sources, leading to the lack of a comprehensive registry that indexes commonly used native libraries for further investigations. To this end, by following a greedy strategy to identify possible repository sources and collect Android native libraries, we constructed the first comprehensive native library database DroidNative for Android, with over $\mathbf{6 0 K}$ libraries and $\mathbf{2 9 2 K}$ versions well retained. Our experiments proved its completeness that 85.1% of binaries in real-world APPs can be successfully traced in DroidNative, with $\mathbf{1 0. 1 \%}$ of the rest suspicious to be not third-party native libraries. Moreover, DroidNative is also evaluated to be useful regarding improving existing SCA detection (i.e., LibRARIAN) by outperforming existing state of the art tools with at least $\mathbf{7 8. 4 \%}$ recognition rate improvement.