Exodus-Privacy / exodus

Platform to audit trackers used by Android applications
https://reports.exodus-privacy.eu.org/
GNU Affero General Public License v3.0

Exodus static analysis prone to simple tracker obfuscations #46

Closed FreebeJan closed 2 years ago

FreebeJan commented 6 years ago

Since the static analysis is just comparing names of classes in the dex file with class names of popular trackers (code_signature), obfuscated trackers will not be discovered by it.

The problem is that simply by renaming the classes you can prevent exodus from finding any tracker. Developers have an incentive to obfuscate their applications beyond making trackers undetectable:

Tools like proguard can be used for just this. https://www.guardsquare.com/en/proguard

There are approaches that will detect trackers despite obfuscation attempts.

This paper introduces an obfuscation-resilient approach to detect libraries in Android applications: Titze, Dennis, Michael Lux, and Julian Schuette. "Ordol: Obfuscation-Resilient Detection of Libraries in Android Applications." Trustcom/BigDataSE/ICESS, 2017 IEEE. IEEE, 2017.
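An added illustration, not exodus's own code, of the name matching the comment above describes: a simplified code_signature matcher run over a constructed list of dex class descriptors, then over the same list after a ProGuard-style rename. The signature table and the class lists are constructed for this example, and the signatures are assumed to be regex patterns checked against dotted class names.

```python
import re

# Constructed, simplified tracker signature table (illustrative, not exodus's data).
# Each code_signature is assumed to be a regex tested against dotted class names.
TRACKERS = {
    "Google Analytics": r"com\.google\.android\.gms\.analytics\.",
    "Example Ads SDK": r"com\.example\.ads\.",  # constructed tracker
}
_COMPILED = {name: re.compile(sig) for name, sig in TRACKERS.items()}


def descriptor_to_classname(descriptor: str) -> str:
    """Turn a dex type descriptor 'Lcom/foo/Bar;' into 'com.foo.Bar'."""
    if not (descriptor.startswith("L") and descriptor.endswith(";")):
        raise ValueError(f"not a class descriptor: {descriptor!r}")
    return descriptor[1:-1].replace("/", ".")


def detect_trackers(class_descriptors) -> set:
    """Return the names of trackers whose signature matches any class name."""
    found = set()
    for desc in class_descriptors:
        name = descriptor_to_classname(desc)
        for tracker, pattern in _COMPILED.items():
            if pattern.search(name):
                found.add(tracker)
    return found


# Constructed class lists standing in for the output of a dex parser.
PLAIN_APK = [
    "Lcom/example/app/MainActivity;",
    "Lcom/google/android/gms/analytics/Tracker;",
    "Lcom/example/ads/AdLoader;",
]
# The same app after a ProGuard-style rename: package and class names are
# replaced by short identifiers, so no signature matches although the tracker
# code itself is unchanged.
OBFUSCATED_APK = [
    "Lcom/example/app/MainActivity;",  # the app's own entry points are usually kept
    "La/b/c/d/e/f;",
    "La/b/g/h;",
]

if __name__ == "__main__":
    print("plain:", detect_trackers(PLAIN_APK))  # {'Google Analytics', 'Example Ads SDK'}
    print("obfuscated:", detect_trackers(OBFUSCATED_APK))  # set()
```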

U039b commented 6 years ago

Hi! We plan to use LibScout in the future. But first, we have to get SDKs of all the trackers we know.

See #40.

mr-gosh commented 5 years ago

How can we help?

jfoucry commented 5 years ago

@mr-gosh Why not? Feel free to come and discuss with us on exodus-privacy irc/freenode channel.