PITracker: Detecting Android PendingIntent Vulnerabilities through Intent Flow Analysis

4Citations
Citations of this article
11Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Intent is an essential inter-component communication mechanism of Android OS, which can be used to request an action from another app component. The security of its design and implementation attracts lots of attention. However, the security of PendingIntent, a kind of delayed-triggered Intent, was neglected by most previous research, and the related analysis techniques are still imperfect. In this paper, we design a novel automated tool, PITracker, to detect the PendingIntent vulnerabilities in Android apps. It achieves the Intent flow tracking technique proposed by us, figuring out how an Intent is created and where it goes. In the real-world evaluations, PITracker discovered 2,939 potential threats in 10,000 third-party apps and 214 in 1,412 pre-installed apps. Among them, 11 exploitable vulnerabilities have been confirmed and acknowledged by the corresponding vendors.

References Powered by Scopus

Analyzing inter-application communication in Android

690Citations
N/AReaders
Get full text

IccTA: Detecting inter-component privacy leaks in android apps

541Citations
N/AReaders
Get full text

CHEX: Statically vetting Android apps for component hijacking vulnerabilities

539Citations
N/AReaders
Get full text

Cited by Powered by Scopus

Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem

6Citations
N/AReaders
Get full text

AppChainer: investigating the chainability among payloads in android applications

1Citations
N/AReaders
Get full text

MULBER: Effective Android Malware Clustering Using Evolutionary Feature Selection and Mahalanobis Distance Metric

1Citations
N/AReaders
Get full text

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Cite

CITATION STYLE

APA

Zhang, C., Li, S., Diao, W., & Guo, S. (2022). PITracker: Detecting Android PendingIntent Vulnerabilities through Intent Flow Analysis. In WiSec 2022 - Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (pp. 20–25). Association for Computing Machinery, Inc. https://doi.org/10.1145/3507657.3528555

Readers' Seniority

Tooltip

Researcher 1

100%

Readers' Discipline

Tooltip

Computer Science 1

100%

Save time finding and organizing research with Mendeley

Sign up for free