Change SDK exclusion method #10
Description
Current algorithm that detects whether a given class belongs to a java sdk is based on full classname matching (package+classname). This has to be change since bad guys can use package name spoofing to invalidate their class analysis and bypass the scan.
For this reason, the next iteration on this algorithm has to be based on class method enumaration, matching and opcode sequence matching. If the analyzed class has the same number of methods, the same method declarations and the code of the methods is very very very close, then the class belongs to android SDK and will not be analyzed.