Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner
Citation
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner. "Analyzing inter-application communication in Android". Proceedings of the 9th international conference on Mobile systems, applications, and services (MobiSys '11), ACM, 2011.
Abstract
Modern smartphone operating systems support the development of third-party applications with open system APIs. In addition to an open API, the Android operating system also provides a rich inter-application message passing system. This encourages inter-application collaboration and reduces developer burden by facilitating component reuse. Unfortunately, message passing is also an application attack surface. The content of messages can be sniffed, modified, stolen, or replaced, which can compromise user privacy. Also, a malicious application can inject forged or otherwise malicious messages, which can lead to breaches of user data and violate application security policies.
We examine Android application interaction and identify security risks in application components. We provide a tool, ComDroid, that detects application communication vulnerabilities. ComDroid can be used by developers to analyze their own applications before release, by application reviewers to analyze applications in the Android Market, and by end users. We analyzed 20 applications with the help of ComDroid and found 34 exploitable vulnerabilities; 12 of the 20 applications have at least one vulnerability.
Electronic downloads
| Citation formats |
- HTML
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner. <a href="http://www.truststc.org/pubs/850.html" >Analyzing inter-application communication in Android</a>, Proceedings of the 9th international conference on Mobile systems, applications, and services (MobiSys '11), ACM, 2011.
- Plain text
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner. "Analyzing inter-application communication in Android". Proceedings of the 9th international conference on Mobile systems, applications, and services (MobiSys '11), ACM, 2011.
- BibTeX
@inproceedings{ChinFeltGreenwoodWagner11_AnalyzingInterapplicationCommunicationInAndroid, author = {Erika Chin and Adrienne Porter Felt and Kate Greenwood and David Wagner}, title = {Analyzing inter-application communication in Android}, booktitle = {Proceedings of the 9th international conference on Mobile systems, applications, and services (MobiSys '11)}, organization = {ACM}, year = {2011}, abstract = {Modern smartphone operating systems support the development of third-party applications with open system APIs. In addition to an open API, the Android operating system also provides a rich inter-application message passing system. This encourages inter-application collaboration and reduces developer burden by facilitating component reuse. Unfortunately, message passing is also an application attack surface. The content of messages can be sniffed, modified, stolen, or replaced, which can compromise user privacy. Also, a malicious application can inject forged or otherwise malicious messages, which can lead to breaches of user data and violate application security policies. We examine Android application interaction and identify security risks in application components. We provide a tool, ComDroid, that detects application communication vulnerabilities. ComDroid can be used by developers to analyze their own applications before release, by application reviewers to analyze applications in the Android Market, and by end users. We analyzed 20 applications with the help of ComDroid and found 34 exploitable vulnerabilities; 12 of the 20 applications have at least one vulnerability.}, URL = {http://www.truststc.org/pubs/850.html} }
Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.