Team for Research in Ubiquitous Secure Technology

Analyzing inter-application communication in Android
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner

Citation
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner. "Analyzing inter-application communication in Android". Proceedings of the 9th international conference on Mobile systems, applications, and services (MobiSys '11), ACM, 2011.

Abstract
Modern smartphone operating systems support the development of third-party applications with open system APIs. In addition to an open API, the Android operating system also provides a rich inter-application message passing system. This encourages inter-application collaboration and reduces developer burden by facilitating component reuse. Unfortunately, message passing is also an application attack surface. The content of messages can be sniffed, modified, stolen, or replaced, which can compromise user privacy. Also, a malicious application can inject forged or otherwise malicious messages, which can lead to breaches of user data and violate application security policies. We examine Android application interaction and identify security risks in application components. We provide a tool, ComDroid, that detects application communication vulnerabilities. ComDroid can be used by developers to analyze their own applications before release, by application reviewers to analyze applications in the Android Market, and by end users. We analyzed 20 applications with the help of ComDroid and found 34 exploitable vulnerabilities; 12 of the 20 applications have at least one vulnerability.

Citation formats  
  • HTML
    Erika Chin, Adrienne Porter Felt, Kate Greenwood, David
    Wagner. <a
    href="http://www.truststc.org/pubs/850.html"
    >Analyzing inter-application communication in
    Android</a>, Proceedings of the 9th international
    conference on Mobile systems, applications, and services
    (MobiSys '11), ACM, 2011.
  • Plain text
    Erika Chin, Adrienne Porter Felt, Kate Greenwood, David
    Wagner. "Analyzing inter-application communication in
    Android". Proceedings of the 9th international
    conference on Mobile systems, applications, and services
    (MobiSys '11), ACM, 2011.
  • BibTeX
    @inproceedings{ChinFeltGreenwoodWagner11_AnalyzingInterapplicationCommunicationInAndroid,
        author = {Erika Chin and Adrienne Porter Felt and Kate
                  Greenwood and David Wagner},
        title = {Analyzing inter-application communication in
                  Android},
        booktitle = {Proceedings of the 9th international conference on
                  Mobile systems, applications, and services
                  (MobiSys '11)},
        organization = {ACM},
        year = {2011},
        abstract = {Modern smartphone operating systems support the
                  development of third-party applications with open
                  system APIs. In addition to an open API, the
                  Android operating system also provides a rich
                  inter-application message passing system. This
                  encourages inter-application collaboration and
                  reduces developer burden by facilitating component
                  reuse. Unfortunately, message passing is also an
                  application attack surface. The content of
                  messages can be sniffed, modified, stolen, or
                  replaced, which can compromise user privacy. Also,
                  a malicious application can inject forged or
                  otherwise malicious messages, which can lead to
                  breaches of user data and violate application
                  security policies. We examine Android application
                  interaction and identify security risks in
                  application components. We provide a tool,
                  ComDroid, that detects application communication
                  vulnerabilities. ComDroid can be used by
                  developers to analyze their own applications
                  before release, by application reviewers to
                  analyze applications in the Android Market, and by
                  end users. We analyzed 20 applications with the
                  help of ComDroid and found 34 exploitable
                  vulnerabilities; 12 of the 20 applications have at
                  least one vulnerability.},
        URL = {http://www.truststc.org/pubs/850.html}
    }
    

Posted by Mary Stewart on 4 Apr 2012.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.