ANALYZING INTER-APPLICATION COMMUNICATION IN ANDROID

ANALYZING
INTER-APPLICATION
COMMUNICATIONIN
A
NDROID
Erika Chin
Adrienne Porter Felt
Adrienne Porter Felt
Kate Greenwood
David Wagner
UC Berkeley
INTER-APPLICATION
COMMUNICATION
Yelp App
•Eavesdropping Attacks
•Injection Attacks
Inter-A
pp
lication Communication
pp
Maps AppDialer App
Malicious
App
Other App
2
O
RGANIZATION
O
RGANIZATION

Android communication model

Security analysis of Android

ComDroid

Analysis of third-party applications

Recommendations
3
ANDROID
OVERVIEW

Intents= Android IPC

Applications are divided into components

Intents can be sent between components

Intents can be sent between components

Intents can be used for intra-and inter-application
ii
commun
i
cat
i
on
Sender
Receiver
4
Intent
EXPLICIT
INTENTS
Name: MapActivity
Yelp
Map
App
To:
MapActivity
To:
MapActivity
Only the specified destination receives this message
5
Only the specified destination receives this message
IMPLICIT
INTENTS
Handles Action: VIEW
Ma
p
p
App
Yelp
Handles Action: DISPLAYTIME
Clock
Im
p
licit Intent
App
p
Action: VIEW
6
IMPLICIT
INTENTS
Handles Action: VIEW
Ma
p
p
App
Yelp
Handles Action: VIEW
Browser
Im
p
licit Intent
App
p
Action: VIEW
7
SECURITY
ANALYSIS
OF
ANDROID
8
COMMON
DEVELOPER
PATTERN:
U
NIQUE
A
CTION
S
TRINGS
U
NIQUE
A
CTION
S
TRINGS
IMDbApp
Handles Actions:
willUpdateShowtimes,
showtimesNoLocationError
Showtime
Results UI
Search
Implicit Intent
Action:
illUdShi
9
w
illU
p
d
ate
Sh
owt
i
mes
10
COMMON
DEVELOPER
PATTERN:
U
NIQUE
A
CTION
S
TRINGS
U
NIQUE
A
CTION
S
TRINGS
IMDbApp
Handles Actions:
willUpdateShowtimes,
showtimesNoLocationError
Showtime
Results UI
Search
Implicit Intent
Action:
illUdShi
11
w
illU
p
d
ate
Sh
owt
i
mes
ATTACK #1: EAVESDROPPING
IMDbApp
Handles Action:
Eavesdropping App
willUpdateShowtimes,
showtimesNoLocationError
Showtime
Search
Malicious
Receiver
Implicit Intent
Action:
willUpdateShowtimes
12
Sending Implicit Intents makes communication public
ATTACK #2: INTENT
SPOOFING
IMDbApp
Handles Action:
Malicious
Injection
A
Handles Action:
willUpdateShowtimes,
showtimesNoLocationError
A
pp
Malicious
Component
Results UI
A
ction:
showtimesNoLocationError
13
Receiving Implicit Intents makes the component public
14
Typical caseAttack case
ATTACK #3: M
AN
IN
THE
M
IDDLE
ATTACK #3: M
AN
IN
THE
M
IDDLE
IMDbApp
Man-in-the-Middle App
Handles Action:
willUpdateShowtimes,
showtimesNoLocation
Handles Action:
willUpdateShowtimes,
showtimesNoLocationError
Showtime
Results UI
Error
Malicious
Search
Receiver
Action:
willUpdateShowtimes
Action:
showtimesNoLocation
15
Error
ATTACK #4: SYSTEM
INTENT
SPOOFING

Back
g
round
–
S
y
stem Broadcast
g
y

Event notifications sent by the system

Some can only be sent by the system

Receivers become accessible to all applications
when listening for system broadcast
when listening for system broadcast
16
App 1
SYSTEM
BROADCAST
Component
Handles Action:
BootCompleted
Handles Action:
BootCompleted
App 2
System
Notifier
Component
Handles Action: BootCompleted
App
3
Action:
BtCltd
Component
pp
B
oo
tC
omp
l
e
t
e
d
17
Handles Action: BootCompleted
SYSTEM
INTENT
SPOOFING: FAILED
A
TTAC
K
Handles Action: BootCompleted
Malicious
App
App 1
Malicious
Component
Component
Component
Action:
BootCompleted
18
SYSTEM
INTENT
SPOOFING: SUCCESSFUL
A
TTAC
K
Handles Action: BootCompleted
Malicious
App
App 1
Malicious
Component
Component
Component
To: App1.Component
19
REAL
WORLD
EXAMPLE: ICE APP

ICE App: Allows doctors access to medical
information on
p
hones
p

Contains a component that listens for the
BootCompletedsystem broadcast

ｮ葉ﹴ若北說︠

ｮ葉ﹴ

若北說︠
ﱯ
20
REAL
WORLD
EXAMPLE: ICE
21
COMDROID
Android
Security
ComDroid
Android
Executable
File
Warnings for
Exposed
Communication
ComDroidanalyzes applications to detect Intent-
based attack surfaces
22
EVALUATION

Manuall
y
verified ComDroid’swarnin
g
s for 20
y
g
applications

60% of applications examined have at least 1
exploitable IPC vulnerability
Type# of
Warnings
#of Apps
Severe Vulnerability3412
Bad Practice166
SpuriousWarning66
23
RECOMMENDATIONS

Treat inter-and intra-application communication
as different cases

Prevent public internal communication
f lbilii

21%

o
f
severe

vu
l
nera
bili
t
i
es

63% of bugs due to bad practice

Verify system broadcasts

6% of severe vulnerabilities

13% of bugs due to bad practice
C b fid b ith dl ltf

C
an
b
e
fi
xe
d b
y

e
ith
er
d
eve
l
opers

or

p
l
a
tf
orm
24
RELATED
WORK

Encket al.
–
introduces information leaka
g
e
g
through Broadcast Intents and information
injection into Receivers

Burns –discusses other common developers’
errors
errors
25
C
ONCLUSION
C
ONCLUSION

Applications may be vulnerable to other
applications through Android Intent
applications through Android Intent
communication

Many developers misuse Intents or do not realize
the consequences of their program design

60% of applications examined had at least 1
vulnerability
vulnerability

ComDroidtool to be publicall
y
accessible soon at
y
www.comdroid.org
26
Thank you!
Any questions?
27