Intent is an essential inter-component communication mechanism in the Android OS, used to request an action from another app component. The security of its design and implementation has attracted considerable attention. However, the security of PendingIntent, a kind of delayed-trigger Intent, has been neglected by most previous research, and the related analysis techniques remain imperfect. In this paper, we design a novel automated tool, PITracker, to detect PendingIntent vulnerabilities in Android apps. It implements our proposed Intent flow tracking technique, which determines how an Intent is created and where it goes. In real-world evaluations, PITracker discovered 2,939 potential threats in 10,000 third-party apps and 214 in 1,412 pre-installed apps. Among them, 11 exploitable vulnerabilities have been confirmed and acknowledged by the corresponding vendors.
Zhang, C., Li, S., Diao, W., & Guo, S. (2022). PITracker: Detecting Android PendingIntent Vulnerabilities through Intent Flow Analysis. In WiSec 2022 - Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (pp. 20–25). Association for Computing Machinery, Inc. https://doi.org/10.1145/3507657.3528555