Skip to main content
Conference ProceedingsOPEN ACCESS

PITracker: Detecting Android PendingIntent Vulnerabilities through Intent Flow Analysis

WiSec 2022 - Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (2022) 20-25
DOI: 10.1145/3507657.3528555
4Citations
Citations of this article
11Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Intent is an essential inter-component communication mechanism of Android OS, which can be used to request an action from another app component. The security of its design and implementation attracts lots of attention. However, the security of PendingIntent, a kind of delayed-triggered Intent, was neglected by most previous research, and the related analysis techniques are still imperfect. In this paper, we design a novel automated tool, PITracker, to detect the PendingIntent vulnerabilities in Android apps. It achieves the Intent flow tracking technique proposed by us, figuring out how an Intent is created and where it goes. In the real-world evaluations, PITracker discovered 2,939 potential threats in 10,000 third-party apps and 214 in 1,412 pre-installed apps. Among them, 11 exploitable vulnerabilities have been confirmed and acknowledged by the corresponding vendors.

Author supplied keywords

References Powered by Scopus

Analyzing inter-application communication in Android

MobiSys'11 - Compilation Proceedings of the 9th International Conference on Mobile Systems, Applications and Services and Co-located Workshops
690Citations
N/AReaders
Get full text

IccTA: Detecting inter-component privacy leaks in android apps

Proceedings - International Conference on Software Engineering
541Citations
N/AReaders
Get full text

CHEX: Statically vetting Android apps for component hijacking vulnerabilities

Proceedings of the ACM Conference on Computer and Communications Security
539Citations
N/AReaders
Get full text
View more at Scopus

Cited by Powered by Scopus

Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem

IEEE Transactions on Software Engineering
6Citations
N/AReaders
Get full text

AppChainer: investigating the chainability among payloads in android applications

Cybersecurity
1Citations
N/AReaders
Get full text

MULBER: Effective Android Malware Clustering Using Evolutionary Feature Selection and Mahalanobis Distance Metric

Symmetry
1Citations
N/AReaders
Get full text
View more at Scopus

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Cite

CITATION STYLE

APA

Zhang, C., Li, S., Diao, W., & Guo, S. (2022). PITracker: Detecting Android PendingIntent Vulnerabilities through Intent Flow Analysis. In WiSec 2022 - Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (pp. 20–25). Association for Computing Machinery, Inc. https://doi.org/10.1145/3507657.3528555

Readers' Seniority

Tooltip

Researcher 1

100%

Readers' Discipline

Tooltip

Computer Science 1

100%

Save time finding and organizing research with Mendeley

Sign up for free