Title :
Improving the security of Android inter-component communication
Author :
Cozzette, Adam ; Lingel, Kathryn ; Matsumoto, Shinichi ; Ortlieb, Oliver ; Alexander, James ; Betser, Joseph ; Florer, Luke ; Kuenning, Geoff ; Nilles, John ; Reiher, Peter
Author_Institution :
Comput. Sci. Dept., Harvey Mudd Coll., Claremont, CA, USA
Abstract :
In the Android operating system, each application consists of a set of components that communicate with each other via messages called Intents. The current implementation of Intent handling is such that developers can inadvertently write insecure code that allows malicious applications to intercept or inject Intents to steal sensitive information or induce undesired behavior. We prevented these exploits by modifying Android´s Intent handling behavior to err on the side of safety except where the developer seems to explicitly specify otherwise. Additionally, we confirmed the pervasiveness of Intent vulnerabilities by analyzing the 497 most popular free applications in Android´s official application market, and proved the effectiveness of our modifications by manually verifying that they closed a substantial number of the security holes we identified.
Keywords :
mobile computing; operating systems (computers); security of data; Android official application market; Intent handling; android intercomponent communication security; android operating system; insecure code; malicious applications; sensitive information; Androids; Computer crashes; Humanoid robots; Receivers; Registers; Security; Smart phones;
Conference_Titel :
Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on
Conference_Location :
Ghent
Print_ISBN :
978-1-4673-5229-1
