IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

Li, Li; Bartel, Alexandre; Bissyandé, Tegawendé F.; Klein, Jacques; Traon, Yves Le; Arzt, Steven; Rasthofer, Siegfried; Bodden, Eric; Octeau, Damien; McDaniel, Patrick

doi:10.1109/icse.2015.48

Cited by 370 publications

(360 citation statements)

References 30 publications

Supporting

Mentioning

356

Contrasting

Unclassified

Order By: Relevance

“…We consider IccTA [16], a state-of-the-art Android intra-app analysis tool, which originally aims at detecting inter-component privacy leaks inside a single Android app. We select IccTA to validate our approach by investigating the effectiveness of ApkCombiner in supporting existing tools for performing inter-app analyses.…”

Section: Inter-app Analysismentioning

confidence: 99%

“…In the second step, we evaluate ApkCombiner on 3,000 real Android apps. We first build an IAC graph through the results of our extended Epicc [16,18], where an app stands for a node and an inter-app communication is modeled as an edge. For each of such edges, we launched ApkCombiner on the associated pair of apps and then used IccTA on the generated app.…”

Section: Inter-app Analysismentioning

confidence: 99%

“…In previous work [17], we have shown that Android components can exploit such ICC vulnerabilities to leak private data. More recent works have further demonstrated that Android apps exhibit various privacy leaks that are built around the ICC mechanism [13,16,20].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

ApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis

Bartel

Bissyandé

et al. 2015

ICT Systems Security and Privacy Protection

Self Cite

View full text Add to dashboard Cite

Abstract. Android apps are made of components which can leak information between one another using the ICC mechanism. With the growing momentum of Android, a number of research contributions have led to tools for the intra-app analysis of Android apps. Unfortunately, these state-of-the-art approaches, and the associated tools, have long left out the security flaws that arise across the boundaries of single apps, in the interaction between several apps. In this paper, we present a tool called ApkCombiner which aims at reducing an inter-app communication problem to an intra-app inter-component communication problem. In practice, ApkCombiner combines different apps into a single apk on which existing tools can indirectly perform inter-app analysis. We have evaluated ApkCombiner on a dataset of 3,000 real-world Android apps, to demonstrate its capability to support static context-aware inter-app analysis scenarios.

show abstract

Section: Inter-app Analysismentioning

confidence: 99%

Section: Inter-app Analysismentioning

confidence: 99%

See 1 more Smart Citation

ApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis

Bartel

Bissyandé

et al. 2015

ICT Systems Security and Privacy Protection

Self Cite

View full text Add to dashboard Cite

show abstract

“…[29]. Flowdroid [7] and IccTA [17] used the lifecycle of components for inter-callback analysis. The manual models can only handle a subset of the callbacks executed in the Android API methods, and can be imprecise [25] and difficult to update as the Android framework evolves.…”

Section: Discussionmentioning

confidence: 99%

Generating Predicate Callback Summaries for the Android Framework

Perez

2017

2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)

View full text Add to dashboard Cite

Abstract-One of the challenges of analyzing, testing and debugging Android apps is that the potential execution orders of callbacks are missing from the apps' source code. However, bugs, vulnerabilities and refactoring transformations have been found to be related to callback sequences. Existing work on control flow analysis of Android apps have mainly focused on analyzing GUI events. GUI events, although being a key part of determining control flow of Android apps, do not offer a complete picture. Our observation is that orthogonal to GUI events, the Android API calls also play an important role in determining the order of callbacks. In the past, such control flow information has been modeled manually. This paper presents a complementary solution of constructing program paths for Android apps. We proposed a specification technique, called Predicate Callback Summary (PCS), that represents the callback control flow information (including callback sequences as well as the conditions under which the callbacks are invoked) in Android API methods and developed static analysis techniques to automatically compute and apply such summaries to construct apps' callback sequences. Our experiments show that by applying PCSs, we are able to construct Android apps' control flow graphs, including inter-callback relations, and also to detect infeasible paths involving multiple callbacks. Such control flow information can help program analysis and testing tools to report more precise results. Our detailed experimental data is available at: goo.gl/NBPrKs

show abstract

“…Unfortunately, the mobile devices also attract more attacks and the safety of these privacy data has received lots of concerns [11,8,13,12,14]. To steal the user privacy persistently, one of the common methods for the attackers is to obtain the elevated privilege of the user devices and inject the eavesdropping modules.…”

Section: "'%#('#"mentioning

confidence: 99%

Privacy Leaks through Data Hijacking Attack on Mobile Systems

Zhang

Guo

et al. 2017

ITM Web Conf.

View full text Add to dashboard Cite

Abstract-To persistently eavesdrop on the mobile devices, attackers may obtain the elevated privilege and inject malicious modules into the user devices. Unfortunately, the attackers may not be able to obtain the privilege for a long period of time since the exploitable vulnerabilities may be fixed or the malware may be removed. In this paper, we propose a new data hijacking attack for the mobile apps. By employing the proposed method, the attackers are only required to obtain the root privilege of the user devices once, and they can persistently eavesdrop without any change to the original device. Specifically, we design a new approach to construct a shadow system by hijacking user data files. In the shadow system, attackers possess the identical abilities to the victims. For instance, if a victim has logged into the email app, the attacker can also access the email server in the shadow system without authentication in a long period of time. Without reauthentication of the app, it is difficult for victims to notice the intrusion since the whole eavesdropping is performed on other devices (rather than the user devices). In our experiments, we evaluate the effectiveness of the proposed attack and the result demonstrates that even the Android apps released by the top developers cannot resist this attack. Finally, we discuss some approaches to defend the proposed attack.

show abstract

IccTA: Detecting Inter-Component Privacy Leaks in Android Apps

Cited by 370 publications

References 30 publications

ApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis

ApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis

Generating Predicate Callback Summaries for the Android Framework

Privacy Leaks through Data Hijacking Attack on Mobile Systems

Contact Info

Product

Resources

About