Highly Precise and Efficient Analysis of PendingIntent Vulnerabilities for Android Apps
The expanding development of android applications is partially due to the communication model, named inter‐component communication (ICC) model. PendingIntent (PI) is a powerful feature that is used for ICC. Many android developers use PI in their apps, but if it is used insecurely, it can pose risks...
Gespeichert in:
Veröffentlicht in: | Security and communication networks 2024-01, Vol.2024 (1) |
---|---|
Hauptverfasser: | , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | |
---|---|
container_issue | 1 |
container_start_page | |
container_title | Security and communication networks |
container_volume | 2024 |
creator | Sarvazimi, Azadeh Sakhaei-nia, Mehdi Bathaeian, NargesSadat |
description | The expanding development of android applications is partially due to the communication model, named inter‐component communication (ICC) model. PendingIntent (PI) is a powerful feature that is used for ICC. Many android developers use PI in their apps, but if it is used insecurely, it can pose risks and result in different types of attacks like denial of service, privilege escalation, and data leakage. Hence, it is crucial to detect vulnerabilities related to PI before android apps are released on Android app stores. In this paper, a new PI‐related vulnerability is introduced, which is detected by the proposed method in addition to the vulnerabilities pointed out in other methods. In addition, the proposed method that is based on static analysis takes less time than other methods to detect the vulnerabilities. For evaluation, we compare the proposed method with PIAnalyzer tool. Results on 51 application benchmarks show that the proposed method detects the new PI‐related vulnerability that is not detected by PIAnalyzer. Also, the proposed method detects vulnerabilities 27% faster than PIAnalyzer. |
doi_str_mv | 10.1155/2024/8663701 |
format | Article |
fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_3118512722</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3118512722</sourcerecordid><originalsourceid>FETCH-LOGICAL-c1031-cbb25f2d38c2f1a671ee5c58a21270b02de587612a795be4eab4b4564054b7fe3</originalsourceid><addsrcrecordid>eNo9kMtqwzAQRUVpoWnaXT9A0G3daPSwnWUIaRIINIs-lkaSR6mCK7uSs8jf1yGhq7kwh8vlEPII7AVAqQlnXE7KPBcFgysygqmYZgw4v_7PIG_JXUp7xnKQhRyRr5XffTdHuo1ofUKqQ00XznnrMfR0FnRzTD7R1tEthtqH3Tr0p8_noQkYtfGN7z0m6to40HVsfU1nXZfuyY3TTcKHyx2Tj9fF-3yVbd6W6_lsk1lgAjJrDFeO16K03IHOC0BUVpWaAy-YYbxGVRY5cF1MlUGJ2kgjVS6ZkqZwKMbk6dzbxfb3gKmv9u0hDrNTJQBKNdRwPlDPZ8rGNqWIruqi_9HxWAGrTuqqk7rqok78AWfTX_s</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>3118512722</pqid></control><display><type>article</type><title>Highly Precise and Efficient Analysis of PendingIntent Vulnerabilities for Android Apps</title><source>Wiley Online Library Open Access</source><source>EZB-FREE-00999 freely available EZB journals</source><source>Alma/SFX Local Collection</source><creator>Sarvazimi, Azadeh ; Sakhaei-nia, Mehdi ; Bathaeian, NargesSadat</creator><contributor>Singh, Ghanshyam ; Ghanshyam Singh</contributor><creatorcontrib>Sarvazimi, Azadeh ; Sakhaei-nia, Mehdi ; Bathaeian, NargesSadat ; Singh, Ghanshyam ; Ghanshyam Singh</creatorcontrib><description>The expanding development of android applications is partially due to the communication model, named inter‐component communication (ICC) model. PendingIntent (PI) is a powerful feature that is used for ICC. Many android developers use PI in their apps, but if it is used insecurely, it can pose risks and result in different types of attacks like denial of service, privilege escalation, and data leakage. Hence, it is crucial to detect vulnerabilities related to PI before android apps are released on Android app stores. In this paper, a new PI‐related vulnerability is introduced, which is detected by the proposed method in addition to the vulnerabilities pointed out in other methods. In addition, the proposed method that is based on static analysis takes less time than other methods to detect the vulnerabilities. For evaluation, we compare the proposed method with PIAnalyzer tool. Results on 51 application benchmarks show that the proposed method detects the new PI‐related vulnerability that is not detected by PIAnalyzer. Also, the proposed method detects vulnerabilities 27% faster than PIAnalyzer.</description><identifier>ISSN: 1939-0114</identifier><identifier>EISSN: 1939-0122</identifier><identifier>DOI: 10.1155/2024/8663701</identifier><language>eng</language><publisher>London: Hindawi Limited</publisher><subject>Communication ; Data integrity ; Denial of service attacks ; Methods</subject><ispartof>Security and communication networks, 2024-01, Vol.2024 (1)</ispartof><rights>Copyright © 2024 Azadeh Sarvazimi et al. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c1031-cbb25f2d38c2f1a671ee5c58a21270b02de587612a795be4eab4b4564054b7fe3</cites><orcidid>0000-0002-8793-5313 ; 0000-0003-1105-7857 ; 0009-0005-1698-327X</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,778,782,27907,27908</link.rule.ids></links><search><contributor>Singh, Ghanshyam</contributor><contributor>Ghanshyam Singh</contributor><creatorcontrib>Sarvazimi, Azadeh</creatorcontrib><creatorcontrib>Sakhaei-nia, Mehdi</creatorcontrib><creatorcontrib>Bathaeian, NargesSadat</creatorcontrib><title>Highly Precise and Efficient Analysis of PendingIntent Vulnerabilities for Android Apps</title><title>Security and communication networks</title><description>The expanding development of android applications is partially due to the communication model, named inter‐component communication (ICC) model. PendingIntent (PI) is a powerful feature that is used for ICC. Many android developers use PI in their apps, but if it is used insecurely, it can pose risks and result in different types of attacks like denial of service, privilege escalation, and data leakage. Hence, it is crucial to detect vulnerabilities related to PI before android apps are released on Android app stores. In this paper, a new PI‐related vulnerability is introduced, which is detected by the proposed method in addition to the vulnerabilities pointed out in other methods. In addition, the proposed method that is based on static analysis takes less time than other methods to detect the vulnerabilities. For evaluation, we compare the proposed method with PIAnalyzer tool. Results on 51 application benchmarks show that the proposed method detects the new PI‐related vulnerability that is not detected by PIAnalyzer. Also, the proposed method detects vulnerabilities 27% faster than PIAnalyzer.</description><subject>Communication</subject><subject>Data integrity</subject><subject>Denial of service attacks</subject><subject>Methods</subject><issn>1939-0114</issn><issn>1939-0122</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GNUQQ</sourceid><recordid>eNo9kMtqwzAQRUVpoWnaXT9A0G3daPSwnWUIaRIINIs-lkaSR6mCK7uSs8jf1yGhq7kwh8vlEPII7AVAqQlnXE7KPBcFgysygqmYZgw4v_7PIG_JXUp7xnKQhRyRr5XffTdHuo1ofUKqQ00XznnrMfR0FnRzTD7R1tEthtqH3Tr0p8_noQkYtfGN7z0m6to40HVsfU1nXZfuyY3TTcKHyx2Tj9fF-3yVbd6W6_lsk1lgAjJrDFeO16K03IHOC0BUVpWaAy-YYbxGVRY5cF1MlUGJ2kgjVS6ZkqZwKMbk6dzbxfb3gKmv9u0hDrNTJQBKNdRwPlDPZ8rGNqWIruqi_9HxWAGrTuqqk7rqok78AWfTX_s</recordid><startdate>202401</startdate><enddate>202401</enddate><creator>Sarvazimi, Azadeh</creator><creator>Sakhaei-nia, Mehdi</creator><creator>Bathaeian, NargesSadat</creator><general>Hindawi Limited</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>P5Z</scope><scope>P62</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><orcidid>https://orcid.org/0000-0002-8793-5313</orcidid><orcidid>https://orcid.org/0000-0003-1105-7857</orcidid><orcidid>https://orcid.org/0009-0005-1698-327X</orcidid></search><sort><creationdate>202401</creationdate><title>Highly Precise and Efficient Analysis of PendingIntent Vulnerabilities for Android Apps</title><author>Sarvazimi, Azadeh ; Sakhaei-nia, Mehdi ; Bathaeian, NargesSadat</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c1031-cbb25f2d38c2f1a671ee5c58a21270b02de587612a795be4eab4b4564054b7fe3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Communication</topic><topic>Data integrity</topic><topic>Denial of service attacks</topic><topic>Methods</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Sarvazimi, Azadeh</creatorcontrib><creatorcontrib>Sakhaei-nia, Mehdi</creatorcontrib><creatorcontrib>Bathaeian, NargesSadat</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer Science Database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><jtitle>Security and communication networks</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Sarvazimi, Azadeh</au><au>Sakhaei-nia, Mehdi</au><au>Bathaeian, NargesSadat</au><au>Singh, Ghanshyam</au><au>Ghanshyam Singh</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Highly Precise and Efficient Analysis of PendingIntent Vulnerabilities for Android Apps</atitle><jtitle>Security and communication networks</jtitle><date>2024-01</date><risdate>2024</risdate><volume>2024</volume><issue>1</issue><issn>1939-0114</issn><eissn>1939-0122</eissn><abstract>The expanding development of android applications is partially due to the communication model, named inter‐component communication (ICC) model. PendingIntent (PI) is a powerful feature that is used for ICC. Many android developers use PI in their apps, but if it is used insecurely, it can pose risks and result in different types of attacks like denial of service, privilege escalation, and data leakage. Hence, it is crucial to detect vulnerabilities related to PI before android apps are released on Android app stores. In this paper, a new PI‐related vulnerability is introduced, which is detected by the proposed method in addition to the vulnerabilities pointed out in other methods. In addition, the proposed method that is based on static analysis takes less time than other methods to detect the vulnerabilities. For evaluation, we compare the proposed method with PIAnalyzer tool. Results on 51 application benchmarks show that the proposed method detects the new PI‐related vulnerability that is not detected by PIAnalyzer. Also, the proposed method detects vulnerabilities 27% faster than PIAnalyzer.</abstract><cop>London</cop><pub>Hindawi Limited</pub><doi>10.1155/2024/8663701</doi><orcidid>https://orcid.org/0000-0002-8793-5313</orcidid><orcidid>https://orcid.org/0000-0003-1105-7857</orcidid><orcidid>https://orcid.org/0009-0005-1698-327X</orcidid><oa>free_for_read</oa></addata></record> |
fulltext | fulltext |
identifier | ISSN: 1939-0114 |
ispartof | Security and communication networks, 2024-01, Vol.2024 (1) |
issn | 1939-0114 1939-0122 |
language | eng |
recordid | cdi_proquest_journals_3118512722 |
source | Wiley Online Library Open Access; EZB-FREE-00999 freely available EZB journals; Alma/SFX Local Collection |
subjects | Communication Data integrity Denial of service attacks Methods |
title | Highly Precise and Efficient Analysis of PendingIntent Vulnerabilities for Android Apps |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-17T03%3A46%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Highly%20Precise%20and%20Efficient%20Analysis%20of%20PendingIntent%20Vulnerabilities%20for%20Android%20Apps&rft.jtitle=Security%20and%20communication%20networks&rft.au=Sarvazimi,%20Azadeh&rft.date=2024-01&rft.volume=2024&rft.issue=1&rft.issn=1939-0114&rft.eissn=1939-0122&rft_id=info:doi/10.1155/2024/8663701&rft_dat=%3Cproquest_cross%3E3118512722%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=3118512722&rft_id=info:pmid/&rfr_iscdi=true |