The current algorithm that detects whether a given class belongs to a Java SDK is based on full classname matching (package+classname). This has to be changed since bad guys can use package name spoofing to invalidate their class analysis and bypass the scan.
For this reason, the next iteration on this algorithm has to be based on class method enumeration, matching and opcode sequence matching. If the analyzed class has the same number of methods, the same method declarations and the code of the methods is very very very close, then the class belongs to the Android SDK and will not be analyzed.
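A sketch of the check proposed in the issue, added here as an example and not taken from the project's code. It assumes each class has already been disassembled into a mapping of method declaration to opcode mnemonics; the function names, the 0.9 threshold and the opcode lists are constructed for illustration.

```python
from difflib import SequenceMatcher

THRESHOLD = 0.9  # assumed cut-off for "very close"; the issue gives no number

def opcode_similarity(a, b):
    """Similarity in [0, 1] between two opcode mnemonic sequences."""
    if not a and not b:
        return 1.0  # abstract/native methods: two empty bodies match
    return SequenceMatcher(None, a, b, autojunk=False).ratio()

def belongs_to_sdk(candidate, reference, threshold=THRESHOLD):
    """Both arguments map a method declaration to its opcode list.
    The class name is not an input, since the app author controls it."""
    # Same number of methods and same declarations.
    if candidate.keys() != reference.keys():
        return False
    # Every body must be close to its SDK counterpart.
    return all(opcode_similarity(candidate[d], reference[d]) >= threshold
               for d in reference)

# Constructed sample data (not real SDK bytecode).
ENC, DEC = "encode([BI)[B", "decode([BI)[B"
REFERENCE = {
    ENC: ["new-instance", "invoke-direct", "array-length", "invoke-virtual",
          "move-result", "new-array", "iput-object", "invoke-virtual",
          "iget-object", "return-object"],
    DEC: ["new-instance", "invoke-direct", "array-length", "new-array",
          "invoke-virtual", "move-result", "if-nez", "new-instance",
          "throw", "return-object"],
}
# Same class from another build: one extra move in encode().
REBUILT = {**REFERENCE, ENC: REFERENCE[ENC][:2] + ["move-object"] + REFERENCE[ENC][2:]}
# Spoofed class: SDK package name and declarations, different encode() body.
SPOOFED = {**REFERENCE, ENC: ["const-string", "invoke-static", "move-result-object",
                              "invoke-virtual", "new-instance", "invoke-direct",
                              "invoke-virtual", "return-object"]}
# Spoofed class that also adds a method of its own.
EXTENDED = {**REFERENCE, "run()V": ["invoke-static", "return-void"]}

if __name__ == "__main__":
    for name, cls in [("rebuilt", REBUILT), ("spoofed", SPOOFED), ("extended", EXTENDED)]:
        print(name, "-> skip analysis" if belongs_to_sdk(cls, REFERENCE) else "-> analyze")
```

Any class that fails either step falls through to normal analysis, so a mismatch costs scan time rather than coverage.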