Analyzing Inter-Application Communication in Android

idleheadedcelery, Mobile - Wireless, Dec 10, 2013

Slide 1: Analyzing Inter-Application Communication in Android

Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner
UC Berkeley

Slide 2: Inter-Application Communication

[Diagram: a Yelp App communicating with a Maps App and a Dialer App (arrows labelled "Inter-Application Communication"); a Malicious App labelled "Eavesdropping Attacks"; an Other App labelled "Injection Attacks"]

Slide 3: Organization

- Android communication model
- Security analysis of Android
- ComDroid
- Analysis of third-party applications
- Recommendations

Slide 4: Android Overview

- Intents = Android IPC
- Applications are divided into components
- Intents can be sent between components
- Intents can be used for intra- and inter-application communication

[Diagram: Sender sends an Intent to Receiver]

Slide 5: Explicit Intents

[Diagram: Yelp sends an Intent addressed "To: MapActivity" to the Map App, whose component is named MapActivity]

Only the specified destination receives this message

Slide 6: Implicit Intents

[Diagram: Yelp sends an Implicit Intent with Action: VIEW. Installed apps: Clock App (Handles Action: DISPLAYTIME) and Map App (Handles Action: VIEW)]

Slide 7: Implicit Intents

[Diagram: Yelp sends an Implicit Intent with Action: VIEW. Installed apps: Browser App (Handles Action: VIEW) and Map App (Handles Action: VIEW); both handle the Intent's action]

Slide 8: Security Analysis of Android

Slide 9: Common Developer Pattern: Unique Action Strings

[Diagram: inside the IMDb App, the Showtime Search component sends an Implicit Intent with Action: willUpdateShowtimes to the Results UI component, which Handles Actions: willUpdateShowtimes, showtimesNoLocationError]

Slides 10-11: Common Developer Pattern: Unique Action Strings

[Same diagram as slide 9, repeated as animation steps: Showtime Search sends an Implicit Intent with Action: willUpdateShowtimes to the Results UI of the IMDb App, which Handles Actions: willUpdateShowtimes, showtimesNoLocationError]
Slide 12: Attack #1: Eavesdropping

[Diagram: the IMDb App's Showtime Search sends an Implicit Intent with Action: willUpdateShowtimes. Besides the IMDb App component that Handles Actions: willUpdateShowtimes, showtimesNoLocationError, a Malicious Receiver in an Eavesdropping App also receives it]

Sending Implicit Intents makes communication public

Slide 13: Attack #2: Intent Spoofing

[Diagram: a Malicious Component in a Malicious Injection App sends an Intent with Action: showtimesNoLocationError to the IMDb App's Results UI, which Handles Actions: willUpdateShowtimes, showtimesNoLocationError]

Receiving Implicit Intents makes the component public

Slide 14: Typical case / Attack case

[Diagram comparing the typical case with the attack case; no further text on the slide]

Slide 15: Attack #3: Man in the Middle

[Diagram: the IMDb App's Showtime Search sends Action: willUpdateShowtimes. A Malicious Receiver in a Man-in-the-Middle App (Handles Actions: willUpdateShowtimes, showtimesNoLocationError) receives it and then sends Action: showtimesNoLocationError on to the IMDb App's Results UI, which Handles Actions: willUpdateShowtimes, showtimesNoLocationError]
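The three attacks on slides 12-15 share one root cause: the IMDb-style "unique action string" is carried in an implicit Intent, so any installed app can register for it or send it. The following Java is an added example written for this page, not code from the slides, the ComDroid paper or the IMDb app; the package, class, permission and action names are hypothetical stand-ins. It puts the vulnerable pattern next to the hardened one the Recommendations slide later calls "prevent public internal communication": an explicit Intent addressed to the component, a receiver that is not exported, and, when a second app genuinely must receive the broadcast, a permission on both ends.

```java
package com.example.showtimes;            // hypothetical package

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

/**
 * Added example, not the IMDb app's code. The "Showtime Search" screen hands a
 * result to the "Results UI" receiver of the SAME app; the action string is a
 * hypothetical stand-in for the slides' willUpdateShowtimes.
 */
public final class ShowtimeIntents {
    static final String ACTION_WILL_UPDATE_SHOWTIMES =
            "com.example.showtimes.action.WILL_UPDATE_SHOWTIMES";
    // Hypothetical permission an app would declare with
    // <permission ... android:protectionLevel="signature"> if the broadcast
    // really had to cross an app boundary.
    static final String PERM_SHOWTIMES =
            "com.example.showtimes.permission.RECEIVE_SHOWTIMES";

    /** VULNERABLE (slides 12-15): implicit Intent. Every app that registers a
     *  receiver for this action string can read the extras (eavesdropping), every
     *  app can send it to our receiver (spoofing), and an app that does both sits
     *  in the middle. */
    static void sendImplicit(Context ctx, String showtimesJson) {
        Intent i = new Intent(ACTION_WILL_UPDATE_SHOWTIMES);
        i.putExtra("showtimes", showtimesJson);
        ctx.sendBroadcast(i);
    }

    /** HARDENED: explicit Intent. setClass() fixes the destination component, so the
     *  system delivers it only to ResultsReceiver in this package; no other app's
     *  intent-filter is consulted and the extras never leave the app. */
    static void sendExplicit(Context ctx, String showtimesJson) {
        Intent i = new Intent(ACTION_WILL_UPDATE_SHOWTIMES);
        i.setClass(ctx, ResultsReceiver.class);
        i.putExtra("showtimes", showtimesJson);
        ctx.sendBroadcast(i);
    }

    /** When a SECOND app is a legitimate recipient: name its package and require a
     *  permission to receive, so only holders of PERM_SHOWTIMES get the broadcast.
     *  The receiving app puts android:permission="..." on its <receiver> so that
     *  only holders may send to it. */
    static void sendToTrustedApp(Context ctx, String showtimesJson) {
        Intent i = new Intent(ACTION_WILL_UPDATE_SHOWTIMES);
        i.setPackage("com.example.partner");   // hypothetical partner package
        i.putExtra("showtimes", showtimesJson);
        ctx.sendBroadcast(i, PERM_SHOWTIMES);
    }

    /**
     * Receiver side. Manifest entry (hypothetical) with NO <intent-filter>, so it
     * cannot be matched by implicit Intents, and exported="false", so other apps
     * cannot address it even explicitly:
     *
     *   <receiver android:name=".ShowtimeIntents$ResultsReceiver"
     *             android:exported="false" />
     *
     * A receiver that declares an <intent-filter> is exported unless
     * android:exported="false" is set; that is what "receiving Implicit Intents
     * makes the component public" refers to.
     */
    public static final class ResultsReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context ctx, Intent intent) {
            // Defence in depth even for a non-exported receiver: act only on the
            // action we expect.
            if (!ACTION_WILL_UPDATE_SHOWTIMES.equals(intent.getAction())) {
                return;
            }
            String json = intent.getStringExtra("showtimes");
            Log.d("ResultsReceiver",
                    "received " + (json == null ? 0 : json.length()) + " chars");
        }
    }
}
```

sendExplicit() is the drop-in replacement for sendImplicit(): same action string, same extras, but the destination is named, so the eavesdropper's filter never matches and the spoofer has nothing exported to hit. sendToTrustedApp() is for the case the Recommendations slide treats separately, genuine inter-application communication, where the permission rather than the action string decides who takes part.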

Slide 16: Attack #4: System Intent Spoofing

- Background
  - System Broadcast
    - Event notifications sent by the system
    - Some can only be sent by the system
- Receivers become accessible to all applications when listening for system broadcast

Slide 17: System Broadcast

[Diagram: the System Notifier sends Action: BootCompleted to components in App 1, App 2 and App 3, each of which Handles Action: BootCompleted]

Slide 18: System Intent Spoofing: Failed Attack

[Diagram: a Malicious Component in a Malicious App sends an Intent with Action: BootCompleted toward the App 1 component that Handles Action: BootCompleted; the attack fails]

Slide 19: System Intent Spoofing: Successful Attack

[Diagram: the Malicious Component instead sends an explicit Intent addressed "To: App1.Component"; the App 1 component that Handles Action: BootCompleted receives it]

Slide 20: Real World Example: ICE App

- ICE App: Allows doctors access to medical information on phones
- Contains a component that listens for the BootCompleted system broadcast
- On receipt of the Intent, it exits the application and locks the screen

Slide 21: Real World Example: ICE

[Figure only; no extractable text]
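The ICE receiver described on slide 20 is exactly the component slide 19 targets: it must be public to hear the system broadcast, so any app can address it explicitly. The defence the Recommendations slide later calls "verify system broadcasts" is a single check on the action. The receiver below is an added example written for this page, not the ICE app's code; the package name, the lock mechanism and the manifest fragment are hypothetical. It relies on the point made on slides 16 and 18: a third-party app cannot send the BootCompleted action itself, so a spoofed Intent addressed to this receiver arrives with some other action (or none).

```java
package com.example.ice;                   // hypothetical package

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;

/**
 * Added example, not the ICE app's code. Locks the app when the system reports
 * that boot has completed.
 *
 * Manifest (hypothetical). The <intent-filter> is needed to hear the system
 * broadcast and makes the receiver public, so any other app can send an
 * EXPLICIT Intent to it (slide 19):
 *
 *   <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
 *   <receiver android:name=".BootCompletedReceiver">
 *       <intent-filter>
 *           <action android:name="android.intent.action.BOOT_COMPLETED" />
 *       </intent-filter>
 *   </receiver>
 */
public final class BootCompletedReceiver extends BroadcastReceiver {
    static final String PREFS = "ice_state";      // hypothetical
    static final String KEY_LOCKED = "locked";    // hypothetical

    @Override
    public void onReceive(Context ctx, Intent intent) {
        if (!isGenuineBootBroadcast(intent)) {
            return;                 // spoofed or unrelated Intent: do nothing
        }
        lockApplication(ctx);
    }

    /**
     * Only the system may send BOOT_COMPLETED (slide 18: the implicit spoof
     * fails). A malicious app can still reach this receiver by naming the
     * component (slide 19), but then intent.getAction() cannot be
     * BOOT_COMPLETED, so comparing the action separates the real system
     * broadcast from a spoof.
     */
    static boolean isGenuineBootBroadcast(Intent intent) {
        return intent != null
                && Intent.ACTION_BOOT_COMPLETED.equals(intent.getAction());
    }

    /** Hypothetical lock: record a flag that the app's activities consult and
     *  that forces re-authentication before any medical data is shown. */
    static void lockApplication(Context ctx) {
        SharedPreferences prefs =
                ctx.getSharedPreferences(PREFS, Context.MODE_PRIVATE);
        prefs.edit().putBoolean(KEY_LOCKED, true).apply();
    }
}
```

The check is deliberately the whole defence: the receiver cannot be made private without losing the system broadcast, so the only thing it can trust is the action string the platform guarantees no third-party app can send. Without it, the outcome slide 19 shows (the app being locked by an arbitrary explicit Intent) is reachable by any installed app.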

Slide 22: ComDroid

[Diagram: Android Executable File -> ComDroid -> Security Warnings for Exposed Communication]

ComDroid analyzes applications to detect Intent-based attack surfaces

Slide 23: Evaluation

- Manually verified ComDroid's warnings for 20 applications
- 60% of applications examined have at least 1 exploitable IPC vulnerability

Type                  # of Warnings   # of Apps
Severe Vulnerability  34              12
Bad Practice          16              6
Spurious Warning      6               6

Slide 24: Recommendations

- Treat inter- and intra-application communication as different cases
- Prevent public internal communication
  - 21% of severe vulnerabilities
  - 63% of bugs due to bad practice
- Verify system broadcasts
  - 6% of severe vulnerabilities
  - 13% of bugs due to bad practice
- Can be fixed by either developers or platform

Slide 25: Related Work

- Enck et al. introduce information leakage through Broadcast Intents and information injection into Receivers
- Burns discusses other common developers' errors

Slide 26: Conclusion

- Applications may be vulnerable to other applications through Android Intent communication
- Many developers misuse Intents or do not realize the consequences of their program design
- 60% of applications examined had at least 1 vulnerability
- ComDroid tool to be publicly accessible soon at www.comdroid.org

Slide 27: Thank you! Any questions?