Closed FreebeJan closed 2 years ago
Hi! We plan to use LibScout in the future. But first, we have to get SDKs of all the trackers we know.
See #40.
how can we help?
@mr-gosh Why not? Feel free to come and discuss with us on exodus-privacy irc/freenode channel.
Since the static analysis is just comparing names of classes in the dex file with class names of popular trackers (code_signature) obfuscated trackers will not be discovered by it.
The problem is that simply by renaming the classes you can prevent exodus from finding any tracker. Developers have incentive to obfuscate their applications beyond making trackers undetectable:
Tools like proguard can be used for just this. https://www.guardsquare.com/en/proguard
There are approaches that will detect trackers despite obfuscation attempts.
This paper introduces a obfuscation resiliant approach to detect libraries in android applications: Titze, Dennis, Michael Lux, and Julian Schuette. "Ordol: Obfuscation-Resilient Detection of Libraries in Android Applications." Trustcom/BigDataSE/ICESS, 2017 IEEE. IEEE, 2017.