Highly Precise and Efficient Analysis of PendingIntent Vulnerabilities for Android Apps

The expanding development of Android applications is partially due to the communication model, named inter‐component communication (ICC) model. PendingIntent (PI) is a powerful feature that is used for ICC. Many Android developers use PI in their apps, but if it is used insecurely, it can pose risks...

Detailed description

Bibliographic details
Published in: Security and communication networks 2024-01, Vol.2024 (1)
Main authors: Sarvazimi, Azadeh, Sakhaei-nia, Mehdi, Bathaeian, NargesSadat
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page
container_issue 1
container_start_page
container_title Security and communication networks
container_volume 2024
creator Sarvazimi, Azadeh
Sakhaei-nia, Mehdi
Bathaeian, NargesSadat
description The expanding development of Android applications is partially due to the communication model, named inter‐component communication (ICC) model. PendingIntent (PI) is a powerful feature that is used for ICC. Many Android developers use PI in their apps, but if it is used insecurely, it can pose risks and result in different types of attacks like denial of service, privilege escalation, and data leakage. Hence, it is crucial to detect vulnerabilities related to PI before Android apps are released on Android app stores. In this paper, a new PI‐related vulnerability is introduced, which is detected by the proposed method in addition to the vulnerabilities pointed out in other methods. In addition, the proposed method, which is based on static analysis, takes less time than other methods to detect the vulnerabilities. For evaluation, we compare the proposed method with the PIAnalyzer tool. Results on 51 application benchmarks show that the proposed method detects the new PI‐related vulnerability that is not detected by PIAnalyzer. Also, the proposed method detects vulnerabilities 27% faster than PIAnalyzer.
doi_str_mv 10.1155/2024/8663701
format Article
publisher London: Hindawi Limited
contributor Singh, Ghanshyam
orcidid 0000-0002-8793-5313; 0000-0003-1105-7857; 0009-0005-1698-327X
rights Copyright © 2024 Azadeh Sarvazimi et al. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0
toplevel peer_reviewed; online_resources
oa free_for_read
fulltext fulltext
identifier ISSN: 1939-0114
ispartof Security and communication networks, 2024-01, Vol.2024 (1)
issn 1939-0114
1939-0122
language eng
recordid cdi_proquest_journals_3118512722
source Wiley Online Library Open Access; EZB-FREE-00999 freely available EZB journals; Alma/SFX Local Collection
subjects Communication
Data integrity
Denial of service attacks
Methods
title Highly Precise and Efficient Analysis of PendingIntent Vulnerabilities for Android Apps
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-17T03%3A46%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Highly%20Precise%20and%20Efficient%20Analysis%20of%20PendingIntent%20Vulnerabilities%20for%20Android%20Apps&rft.jtitle=Security%20and%20communication%20networks&rft.au=Sarvazimi,%20Azadeh&rft.date=2024-01&rft.volume=2024&rft.issue=1&rft.issn=1939-0114&rft.eissn=1939-0122&rft_id=info:doi/10.1155/2024/8663701&rft_dat=%3Cproquest_cross%3E3118512722%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=3118512722&rft_id=info:pmid/&rfr_iscdi=true