An Empirical Study of Efficient Android Static Detection for Inter-Component Communication (ICC) Vulnerabilities

2020
Volume 6
Issue 1
Basic and Applied Sciences Journal

With the tremendous usage in mobile phones and applications (Apps), several critical risks arise alongside this technology. Security and privacy issues have been investigated by researchers and developers due to the importance of their implications. Even though the Android Operating System (OS) implements boundaries to isolate Apps from various vendors, the underdeveloped Apps could still pose end-user security risks. Therefore, some techniques and tools are needed to mitigate any potential threats. Most of the available security analysis tools provide standalone feedback by unpacking the apk file (reverse engineering). These tools have to be executed manually and they commonly require the use of shell commands. Regarding analysis on demand, other tools have emerged that are well integrated into an IDE (Integrated Development Environment) and provide instantaneous feedback. However, only a few tools offer both features, none of them specifically targets the Inter-Component Communication (ICC) security code vulnerabilities. As a result, this paper represents a Proof-of-Concept (PoC) by deploying a static analysis tool. This tool makes Android Apps more secure by detecting the ICC security code smells (or the ICC Vulnerabilities) in order to minimize the attack surface in Android applications. Three different types of Android ICC vulnerabilities related to intent spoofing attacks have been identified and successfully implemented to meet the research gap. For results validation, several test cases are used to demonstrate the efficiency of the proposed tool.

1_8 (1).pdf
1
79