Skip to content

Exodus static analysis prone to simple tracker obfuscations #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
FreebeJan opened this issue Dec 30, 2017 · 3 comments
Closed

Exodus static analysis prone to simple tracker obfuscations #46

FreebeJan opened this issue Dec 30, 2017 · 3 comments
Labels
help wanted Extra attention is needed question Further information is requested

Comments

@FreebeJan
Copy link

Since the static analysis is just comparing names of classes in the dex file with class names of popular trackers (code_signature) obfuscated trackers will not be discovered by it.

The problem is that simply by renaming the classes you can prevent exodus from finding any tracker.
Developers have incentive to obfuscate their applications beyond making trackers undetectable:

  • Protection of intelectual property
  • Minimization of apk file size
  • . . .

Tools like proguard can be used for just this.
https://www.guardsquare.com/en/proguard

There are approaches that will detect trackers despite obfuscation attempts.

This paper introduces a obfuscation resiliant approach to detect libraries in android applications:
Titze, Dennis, Michael Lux, and Julian Schuette. "Ordol: Obfuscation-Resilient Detection of Libraries in Android Applications." Trustcom/BigDataSE/ICESS, 2017 IEEE. IEEE, 2017.
@U039b U039b added the enhancement New feature or request label Dec 31, 2017
@U039b
Copy link
Contributor

U039b commented Dec 31, 2017
edited
Loading

Hi!
We plan to use LibScout in the future. But first, we have to get SDKs of all the trackers we know.

See #40.

@U039b U039b added the help wanted Extra attention is needed label Dec 31, 2017
@mr-gosh
Copy link

mr-gosh commented Nov 7, 2018

how can we help?

@jfoucry
Copy link
Contributor

jfoucry commented Nov 7, 2018

@mr-gosh Why not? Feel free to come and discuss with us on exodus-privacy irc/freenode channel.

@pnu-s pnu-s added question Further information is requested and removed enhancement New feature or request labels May 30, 2020
@U039b U039b closed this as completed May 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jfoucry @mr-gosh @FreebeJan @pnu-s @U039b