SoProtector: safeguard privacy for native SO files in evolving mobile IoT applications

Guangquan Xu, Weizhe Wang, Litao Jiao, Xiaotong Li, Kaitai Liang, Xi Zheng, Wenjuan Lian, Hequn Xian, Honghao Gao

Research output: Contribution to journalArticlepeer-review

17 Citations (Scopus)


Android Apps have become the most important mobile applications in the evolving mobile IoT systems, whose security and privacy are confronted with ever more challenges, since such mobile devices as smartphones involve too much personal privacy information. Meanwhile, the developers prefer to put core functions (e.g., encryption function and T9 search function) of Android applications in the native layer for execution efficiency. However, there are no automated security analysis tools to protect the security and privacy of the Android native layer, especially for those dynamically loaded third-party SO libraries. In order to solve the previous problem, which is confusing, we propose a novel and scalable system, called SoProtector, to prevent privacy from leaking via the analysis of data flow between the Java and native layers. For detection of the malicious function implanted in the SO libraries, SoProtector realizes a real-time engine. We derive the malware features via three steps: 1) present binary files in native family as a grayscale image; 2) with use of the ARM instructions set reversely obtain the code of the SO file and using Python to obtain the opcode sequence; and 3) each file is transformed as the form of assembly language by IDA Pro, which includes a gdl file as an accompaniment. Our experiment, which involved 3400 applications, demonstrates that SoProtector is able to detect more sinks, sources, and smudges. It effectively inspects and blocks at least 82% of the applications that are loading malicious third-party SO dynamically, and it has relatively low overhead in the meantime, compared to most of the existing static analysis tools (e.g., FlowDroid and AndroidLeaks).

Original languageEnglish
Pages (from-to)2539-2552
Number of pages14
JournalIEEE Internet of Things Journal
Issue number4
Early online date30 Sep 2019
Publication statusPublished - Apr 2020


  • Mobile privacy
  • SO files
  • mobile security
  • native C/C++ libraries


Dive into the research topics of 'SoProtector: safeguard privacy for native SO files in evolving mobile IoT applications'. Together they form a unique fingerprint.

Cite this