Improving the security of Android inter-component communication

Author

Cozzette, Adam ; Lingel, Kathryn ; Matsumoto, Shinichi ; Ortlieb, Oliver ; Alexander, James ; Betser, Joseph ; Florer, Luke ; Kuenning, Geoff ; Nilles, John ; Reiher, Peter

Author_Institution

Comput. Sci. Dept., Harvey Mudd Coll., Claremont, CA, USA

fYear

2013

fDate

27-31 May 2013

Firstpage

808

Lastpage

811

Abstract

In the Android operating system, each application consists of a set of components that communicate with each other via messages called Intents. The current implementation of Intent handling is such that developers can inadvertently write insecure code that allows malicious applications to intercept or inject Intents to steal sensitive information or induce undesired behavior. We prevented these exploits by modifying Android´s Intent handling behavior to err on the side of safety except where the developer seems to explicitly specify otherwise. Additionally, we confirmed the pervasiveness of Intent vulnerabilities by analyzing the 497 most popular free applications in Android´s official application market, and proved the effectiveness of our modifications by manually verifying that they closed a substantial number of the security holes we identified.

Keywords

mobile computing; operating systems (computers); security of data; Android official application market; Intent handling; android intercomponent communication security; android operating system; insecure code; malicious applications; sensitive information; Androids; Computer crashes; Humanoid robots; Receivers; Registers; Security; Smart phones;

fLanguage

English

Publisher

ieee

Conference_Titel

Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on

Conference_Location

Ghent

Print_ISBN

978-1-4673-5229-1

Type

conf

Filename

6573084