PIAnalyzer: A Precise Approach for PendingIntent Vulnerability Analysis

  • Sascha Groß
  • Abhishek Tiwari
  • Christian Hammer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11099)

Abstract

PendingIntents are a powerful and universal feature of Android for inter-component communication. A PendingIntent holds a base intent to be executed by another application with the creator’s permissions and identity without the creator necessarily residing in memory. While PendingIntents are useful for many scenarios, e.g., for setting an alarm or getting notified at some point in the future, insecure usage of PendingIntents causes severe security threats in the form of denial-of-service, identity theft, and privilege escalation attacks. An attacker may gain up to SYSTEM privileges to perform the most sensitive operations, e.g., deleting user’s data on the device. However, so far no tool can detect these PendingIntent vulnerabilities.

In this work we propose PIAnalyzer, a novel approach to analyze PendingIntent-related vulnerabilities. We empirically evaluate PIAnalyzer on a set of 1000 randomly selected applications from the Google Play Store and find 1358 insecure usages of PendingIntents, including 70 severe vulnerabilities. We manually inspected ten reported vulnerabilities, of which nine were correctly reported, indicating a high precision. The evaluation shows that PIAnalyzer is efficient, with an average execution time of 13 seconds per application.

Keywords

Android · Intent analysis · Information flow control · Static analysis

Notes

Acknowledgements

This work was supported by the German Federal Ministry of Education and Research (BMBF) through the project SmartPriv (16KIS0760).

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. University of Potsdam, Potsdam, Germany