Ultrawide archaeology on Android native libraries

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
Not yet available
Language
English
Abstract
A bug in a scraper script led to us downloading every single native library in every single Android app ever published in any market (~8 million apps).
Instead of deleting this massive dataset and starting again, we foolishly decided to run some binary similarity algos to check if libraries and outdated and still vulnerable to old CVEs. No one told us we were opening Pandora's box.
A tragic story of scraping, IP-banning circumvention, love/hate relationships with machine learning, binary similarity party tricks, and an infinite sea of vulnerabilities.

A rumor has been going around: Android developers are slow to update native dependencies, leaving vulnerabilities unpatched.
In this talk we will show how *wrong* this rumor is: Android developers are not slow to patch - they never heard of the word patching.
We conduct a massive study over the every single app ever published on Android (more than 8 million!).
We explore trendy topics like Play Store scraping, Androzoo scraping, Maven repository scraping, the state of the Android ecosystem, binary similarity state-of-the-art methods vs binary similarity pre-historic methods, and the consequences of thinking you know how databases work when you actually don't.

Talk ID
38c3-311
Event:
38c3
Day
3
Room
Saal GLITCH
Start
8:15 p.m.
Duration
00:40:00
Track
Security
Type of
Talk
Speaker
Luca Di Bartolomeo (cyanpencil)
Rokhaya Fall
Luca Di Bartolomeo (cyanpencil)
Rokhaya Fall
Talk Slug & media link
38c3-311-ultrawide-archaeology-on-android-native-libraries

The video is not yet available