ANDetect: A Third-party Ad Network Libraries Detection Framework for Android Applications

Third-party advertising libraries, which furnish mobile applications with ads, offer a revenue stream for Android application developers. However, the loaded ads potentially expose application users to privacy infringements and security threats. For instance, tracking scripts embedded in third-party ads monitor user behavior and can entice users into downloading malicious files. Therefore, the detection of advertising libraries in mobile applications is crucial for mobile security protection and serves as the foundation for preventing third-party ads from compromising user privacy. In this paper, we propose ANDetect, a tool specifically designed for identifying advertising libraries in Android applications. Utilizing static analysis of resource characteristics, ANDetect efficiently uncovers advertising libraries embedded in Android applications, thereby addressing the limitation of traditional third-party library detection methods that struggle with encrypted applications. ANDetect leverages a manual collection of 833 unique versions of third-party advertising libraries, combined with profiling and machine learning techniques. This approach utilizes distinctive semantic features in advertising and non-advertising libraries to identify advertising libraries outside of the established ad network database. We conducted an experiment using ANDetect on over 140,000 applications downloaded from Google Play and APPCHINA. Upon manual verification, it was revealed that ANDetect had detected a total of 16 noval advertising libraries, previously unregistered in the database. This underlines ANDetect's potency in enhancing mobile application security by identifying potentially intrusive advertising libraries.