ANALYZING INTER-APPLICATION COMMUNICATION IN ANDROID
Erika Chin
Adrienne Porter Felt
Kate Greenwood
David Wagner
UC Berkeley
INTER-APPLICATION COMMUNICATION
[Figure: the Yelp App exchanging Intents with the Maps App, the Dialer App, a Malicious App and an Other App]
• Eavesdropping Attacks
• Injection Attacks
ORGANIZATION
• Android communication model
• Security analysis of Android
• ComDroid
• Analysis of third-party applications
• Recommendations
ANDROID OVERVIEW
• Intents = Android IPC
• Applications are divided into components
• Intents can be sent between components
• Intents can be used for intra- and inter-application communication
[Figure: a Sender delivers an Intent to a Receiver]
EXPLICIT INTENTS
[Figure: Yelp sends an Intent addressed "To: MapActivity" to the Map App, whose component is named MapActivity]
• Only the specified destination receives this message
IMPLICIT INTENTS
[Figure: Yelp sends an Implicit Intent with Action: VIEW; the Map App handles Action: VIEW and receives it, while the Clock app handles Action: DISPLAYTIME and does not]
IMPLICIT INTENTS
[Figure: Yelp sends an Implicit Intent with Action: VIEW; both the Map App and the Browser handle Action: VIEW and match the Intent]
SECURITY ANALYSIS OF ANDROID
COMMON DEVELOPER PATTERN: UNIQUE ACTION STRINGS
[Figure: inside the IMDb App, the Showtime Search component sends an Implicit Intent with Action: willUpdateShowtimes to the Results UI component, which handles Actions: willUpdateShowtimes, showtimesNoLocationError]
ATTACK #1: EAVESDROPPING
[Figure: the IMDb App's Showtime Search sends an Implicit Intent with Action: willUpdateShowtimes; the Eavesdropping App's Malicious Receiver also handles Actions: willUpdateShowtimes, showtimesNoLocationError and receives it]
• Sending Implicit Intents makes communication public
ATTACK #2: INTENT SPOOFING
[Figure: the Malicious Injection App's Malicious Component sends an Intent with Action: showtimesNoLocationError to the IMDb App's Results UI, which handles Actions: willUpdateShowtimes, showtimesNoLocationError]
• Receiving Implicit Intents makes the component public
ATTACK #3: MAN IN THE MIDDLE
[Figure: typical case vs. attack case. The IMDb App's Showtime Search sends an Intent with Action: willUpdateShowtimes; the Man-in-the-Middle App's Malicious Receiver (handles Actions: willUpdateShowtimes, showtimesNoLocationError) receives it and then sends an Intent with Action: showtimesNoLocationError to the IMDb App's Results UI (handles Actions: willUpdateShowtimes, showtimesNoLocationError)]
ATTACK #4: SYSTEM INTENT SPOOFING
Background – System Broadcast
• Event notifications sent by the system
• Some can only be sent by the system
• Receivers become accessible to all applications when listening for system broadcast
SYSTEM BROADCAST
[Figure: the System Notifier sends an Intent with Action: BootCompleted; the Components of App 1, App 2 and App 3 each handle Action: BootCompleted and receive it]
SYSTEM INTENT SPOOFING: FAILED ATTACK
[Figure: the Malicious App's Malicious Component sends an Intent with Action: BootCompleted toward App 1's Component (handles Action: BootCompleted); the attack fails]
SYSTEM INTENT SPOOFING: SUCCESSFUL ATTACK
[Figure: the Malicious App's Malicious Component sends an explicit Intent addressed "To: App1.Component" to App 1's Component (handles Action: BootCompleted); the attack succeeds]
REAL WORLD EXAMPLE: ICE APP
• ICE App: Allows doctors access to medical information on phones
• Contains a component that listens for the BootCompleted system broadcast
REAL WORLD EXAMPLE: ICE
[Figure]
COMDROID
[Figure: an Android Executable File is fed to ComDroid, which outputs Warnings for Exposed Communication]
• ComDroid analyzes applications to detect Intent-based attack surfaces
EVALUATION
• Manually verified ComDroid's warnings for 20 applications
• 60% of applications examined have at least 1 exploitable IPC vulnerability

Type                   # of Warnings   # of Apps
Severe Vulnerability   34              12
Bad Practice           16              6
Spurious Warning       6               6
RECOMMENDATIONS
• Treat inter- and intra-application communication as different cases
• Prevent public internal communication
  – 21% of severe vulnerabilities
  – 63% of bugs due to bad practice
• Verify system broadcasts
  – 6% of severe vulnerabilities
  – 13% of bugs due to bad practice
• Can be fixed by either developers or platform
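The two developer-side fixes from the recommendations, written out as an added Android/Java example that is not from the slides or the ComDroid project; the IMDb-style component names, the extra key and the manifest settings in the comments are assumptions.

```java
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;

// Recommendation "verify system broadcasts". A receiver that declares an
// intent-filter for BOOT_COMPLETED in the manifest is exported, so another
// app can address it explicitly (To: App1.Component) with any action it
// likes. Checking the action closes that hole: the genuine
// ACTION_BOOT_COMPLETED is a protected broadcast only the system can send.
class BootReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
        if (!Intent.ACTION_BOOT_COMPLETED.equals(intent.getAction())) {
            return; // not a real system broadcast: ignore it
        }
        onBootCompleted(context);
    }

    private void onBootCompleted(Context context) {
        // work that must only run after a genuine boot (hypothetical)
    }
}

// Stand-in for the IMDb-style "Results UI" component (hypothetical).
class ResultsActivity extends Activity {
}

// Recommendation "prevent public internal communication". The pattern on
// the slides, new Intent("willUpdateShowtimes"), is implicit: any app can
// filter on that action string (eavesdropping) and the receiving component
// must be exported to match it (spoofing). Naming the destination class
// makes the Intent explicit, so only ResultsActivity receives it.
final class ShowtimeSearch {
    static final String EXTRA_RESULTS = "results"; // hypothetical extra key

    static Intent buildResultsIntent(Context context, String results) {
        Intent intent = new Intent(context, ResultsActivity.class); // explicit
        intent.putExtra(EXTRA_RESULTS, results);
        return intent;
    }

    static void showResults(Context context, String results) {
        context.startActivity(buildResultsIntent(context, results));
    }
    // In AndroidManifest.xml, declare ResultsActivity with
    // android:exported="false" and no intent-filter, so other apps cannot
    // reach it even with an explicit Intent.
}
```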
RELATED WORK
• Enck et al. – introduces information leakage through Broadcast Intents and information injection into Receivers
• Burns – discusses other common developers' errors
CONCLUSION
• Applications may be vulnerable to other applications through Android Intent communication
• Many developers misuse Intents or do not realize the consequences of their program design
• 60% of applications examined had at least 1 vulnerability
• ComDroid tool to be publicly accessible soon at www.comdroid.org

Thank you!
Any questions?