Identifying and Analyzing Security Risks in Android Application Components

被引:0
作者
Zhang, Ming [1 ]
机构
[1] Mianyang Polytech, Dept Comp Sci, Mianyang, Peoples R China
来源
INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS | 2016年 / 10卷 / 09期
关键词
Android security; Android components; Intents; message communication;
D O I
10.14257/ijsia.2016.10.9.17
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Android operating system provides a rich inter-application message passing system. The mechanism encourages inter-application collaboration and reduces developer burden by facilitating component reuse. Unfortunately, message passing is also an application attack surface. The content of messages can be sniffed, modified, stolen, or replaced, which can compromise user privacy. In this paper, we examine Android application interaction and identify security risks in application components. We provide a method that detects application communication vulnerabilities. And the effectiveness of the method is verified by experiments.
引用
收藏
页码:165 / 174
页数:10
相关论文
共 50 条
[41]   A Proposal for Addressing Security Issues Related to Dynamic Code Loading on Android Platform [J].
Kelec, Aleksandar ;
Djuric, Zoran .
COMPUTER SYSTEMS SCIENCE AND ENGINEERING, 2020, 35 (04) :271-282
[42]   Towards a multilayered permission-based access control for extending Android security [J].
Chang, Rui ;
Jiang, Liehui ;
Chen, Wenzhi ;
He, Hongqi ;
Yang, Shuiqiao ;
Jiang, Hang ;
Liu, Wei ;
Liu, Yong .
CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 2018, 30 (05)
[43]   Context Aware Dynamic Permission Model: A Retrospect of Privacy and Security in Android System [J].
Kumar, Sumit ;
Shanker, Ravi ;
Verma, Sahil .
2ND INTERNATIONAL CONFERENCE ON INTELLIGENT CIRCUITS AND SYSTEMS (ICICS 2018), 2018, :324-329
[44]   Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic analysis [J].
Wang, Yingjie ;
Xu, Guangquan ;
Liu, Xing ;
Mao, Weixuan ;
Si, Chengxiang ;
Pedrycz, Witold ;
Wang, Wei .
JOURNAL OF SYSTEMS AND SOFTWARE, 2020, 167
[45]   Formal Analysis of Language-Based Android Security Using Theorem Proving Approach [J].
Khan, Wilayat ;
Kamran, Muhammad ;
Ahmad, Aakash ;
Khan, Farrukh Aslam ;
Derhab, Abdelouahid .
IEEE ACCESS, 2019, 7 :16550-16560
[46]   Evaluating the Privacy and Security Implications of AI-Based Medical Chatbots on Android Platforms [J].
Bao, T. Q. ;
Nghiem, P. T. ;
Khiem, T. L. ;
Trung, H. T. P. ;
Thong, T. D. ;
Trinh, P. D. ;
Doan Minh Hieu ;
Nhi True Le .
HYBRID ARTIFICIAL INTELLIGENT SYSTEMS, PT II, HAIS 2024, 2025, 14858 :26-38
[47]   Intelligent analysis of android application privacy policy and permission consistency [J].
Tu, Tengfei ;
Zhang, Hua ;
Gong, Bei ;
Du, Daizhong ;
Wen, Qiaoyan .
ARTIFICIAL INTELLIGENCE REVIEW, 2024, 57 (07)
[48]   Sifter: Protecting Security-Critical Kernel Modules in Android through Attack Surface Reduction [J].
Hung, Hsin-Wei ;
Liu, Yingtong ;
Sani, Ardalan Amiri .
PROCEEDINGS OF THE 2022 THE 28TH ANNUAL INTERNATIONAL CONFERENCE ON MOBILE COMPUTING AND NETWORKING, ACM MOBICOM 2022, 2022, :623-635
[49]   Catering to Your Concerns: Automatic Generation of Personalised Security-Centric Descriptions for Android Apps [J].
Wu, Tingmin ;
Tang, Lihong ;
Zhang, Rongjunchen ;
Wen, Sheng ;
Paris, Cecile ;
Nepal, Surya ;
Grobler, Marthie ;
Xiang, Yang .
ACM TRANSACTIONS ON CYBER-PHYSICAL SYSTEMS, 2019, 3 (04)
[50]   When Program Analysis Meets Mobile Security: An Industrial Study of Misusing Android Internet Sockets [J].
Bu, Wenqi ;
Xue, Minhui ;
Xu, Lihua ;
Zhou, Yajin ;
Tang, Zhushou ;
Xie, Tao .
ESEC/FSE 2017: PROCEEDINGS OF THE 2017 11TH JOINT MEETING ON FOUNDATIONS OF SOFTWARE ENGINEERING, 2017, :842-847
12345