Like most other applications, mobile apps use open source software (OSS)
components. But how carefully do developers check the versions of the libraries
they use for known vulnerabilities?
Software composition analysis (SCA) tools exist to identify and track
third-party dependencies in products. But what do you do if you do not
have the source code of the application or of some of its parts?
Using the analysis of native Android application libraries as an example,
the speaker will explore the implementation of binary software composition
analysis (BSCA) and the tasks it addresses. He will also share what
he found in the dependencies of popular Russian mobile applications.