Explore a 40-minute conference talk from the Chaos Communication Congress (38C3) that delves into an accidental massive-scale investigation of Android native libraries. Learn how a simple scraping script error led to downloading native libraries from approximately 8 million Android applications, sparking an extensive study of vulnerability patterns. Discover insights into Play Store scraping techniques, Androzoo scraping, Maven repository exploration, and the current state of the Android ecosystem. Follow along as speakers Luca Di Bartolomeo and Rokhaya Fall share their journey through binary similarity analysis, database management challenges, and their findings about the widespread issue of unpatched vulnerabilities in Android applications. Understand how this research debunks the notion that Android developers are slow to update - revealing instead that many may be completely unaware of security patching practices.
Ultrawide Archaeology: Analyzing Vulnerabilities in Android Native Libraries
media.ccc.de via YouTube
Overview
Syllabus
38C3 deu - Ultrawide archaeology on Android native libraries
Taught by
media.ccc.de