Reducing attack surfaces for intra-application communication in Android

David Kantola, Erika Chin, Warren He, David Wagner
2012 Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '12  
The complexity of Android's message-passing system has led to numerous vulnerabilities in third-party applications. Many of these vulnerabilities are a result of developers confusing inter-application and intra-application communication mechanisms. Consequently, we propose modifications to the Android platform to detect and protect inter-application messages that should have been intra-application messages. Our approach automatically reduces attack surfaces in legacy applications. We describe our implementation for these changes and evaluate it based on the attack surface reduction and the extent to which our changes break compatibility with a large set of popular applications. We fix 100% of intra-application vulnerabilities found in our previous work, which represents 31.4% of the total security flaws found in that work. Furthermore, we find that 99.4% and 93.0% of Android applications are compatible with our sending and receiving changes, respectively.
doi:10.1145/2381934.2381948 dblp:conf/ccs/KantolaCHW12 fatcat:bgtbslj2crhc3k4ipldjq5jkfm