Automated detection and mitigation of inter-application security vulnerabilities in Android (invited talk)

Sam Malek, Hamid Bagheri, Alireza Sadeghi
2014 Proceedings of the 2nd International Workshop on Software Development Lifecycle for Mobile - DeMobile 2014  
Android is the most popular platform for mobile devices. It facilitates sharing data and services between applications by providing a rich inter-application communication system. While such sharing can be controlled by the Android permission system, enforcing permissions is not sufficient to prevent security violations, since permissions may be mismanaged, intentionally or unintentionally, which can compromise user privacy. In this paper, we provide an overview of a novel approach for
more » ... roach for compositional analysis of Android inter-application vulnerabilities, entitled COVERT. Our analysis is modular to enable incremental analysis of applications as they are installed on an Android device. It extracts security specifications from application packages, captures them in an analyzable formal specification language, and checks whether it is safe for a combination of applications-holding certain permissions and potentially interacting with each other-to install simultaneously. To our knowledge, our work is the first formally-precise analysis tool for automated compositional analysis of Android applications.
doi:10.1145/2661694.2661699 dblp:conf/sigsoft/MalekBS14 fatcat:44khibbonrecrao2cr3mu6vxgi